botnet Archives

Tech Optimizer

February 13, 2026

MyDoom virus: What it is and why it mattered

In January 2004, the MyDoom computer worm quickly spread to email inboxes in 168 countries, becoming one of the fastest-spreading pieces of malware in internet history. It exploited human behavior by enticing users to open email attachments that appeared to be delivery errors or system notifications. MyDoom replicated itself through email without corrupting files or destroying data, harvesting email addresses from infected computers to send copies to new victims. The two main variants, MyDoom.A and MyDoom.B, targeted the SCO Group and Microsoft, respectively, and demonstrated the potential for email worms to be weaponized for coordinated attacks. MyDoom primarily targeted Windows-based operating systems and used deceptive emails to propagate. Once infected, it installed a backdoor for unauthorized remote access, forming a botnet for further attacks. MyDoom's effectiveness was due to its alignment with user behavior and the limited security measures of the time, leading to significant disruptions in email communication and an estimated economic impact of approximately billion. Although no longer a current threat, MyDoom's legacy influenced modern email security protocols, leading to improved filtering, behavior-based detection, and multi-layered defense strategies.

Winsage

February 11, 2026

Prometei Botnet: Windows Server Takeover & Monero Mining

Cookies play a crucial role in digital analytics by tracking user behavior on websites. Common cookies like tuuid, tuuidlastupdate, um, and umeh collect data on site visits, including frequency, duration, and specific pages accessed. Cookies such as nascx are used by social sharing platforms to record visited sections and recommend related content. APID and IDSYNC gather anonymous user visit data to inform marketing strategies. Demographic and geographical data are collected by cookies like ccaud, cccc, ccdc, and ccid to create targeted advertising campaigns. The dpm cookie links user navigation with offline survey data for targeted ads. Unique identifiers such as acs, clid, KRTBCOOKIE_#, PUBMDCID, and PugT help identify users across visits for targeted advertising. Security-focused cookies like SIDCC protect user data, while Google’s reCAPTCHA measures user interactions. Cookies like utmx and utmxx are used in A/B testing to optimize website performance and user satisfaction.

AppWizard

January 31, 2026

Google takes down an invisible network that was secretly using your phone’s internet

Google has dismantled the IPIDEA residential proxy network, which had exploited millions of devices for cybercrime. This operation resulted in the liberation of approximately nine million Android devices and the removal of hundreds of compromised applications. IPIDEA's infrastructure was integrated into various software development kits (SDKs), allowing it to covertly enlist devices into its proxy pool. Google updated its Play Protect system to identify and eliminate affected applications and collaborated with partners to disrupt the network's underlying systems. The efforts led to a significant decrease in hijacked devices available for exploitation.

Tech Optimizer

December 12, 2025

The digital impersonators: How cybercriminals hijack your brand to launch malvertising attacks

Brand trust is highly valued by consumers, leading cybercriminals to exploit it through malvertising, which embeds malicious code in legitimate ads. Malvertising can redirect users to phishing sites or download malware. Cybercriminals create fake ads that mimic trusted brands, targeting high-traffic moments and using real-time bidding to distribute these ads on reputable sites. The process involves setting up fake accounts, creating convincing ads, purchasing ad space, and delivering malware through exploit kits. The consequences include identity theft and financial loss for consumers, and reputational damage for brands. To protect against these threats, organizations should implement regular software updates, continuous employee training, protective tools, and consider partnering with managed service providers for enhanced security measures.

AppWizard

December 1, 2025

SmartTube app was infected by malware, here’s what happened

Google Play Protect disabled the SmartTube app on Android TV, labeling it as potentially harmful due to a compromised digital signature. The developer, Yuliskov, confirmed that the signature breach allowed for the creation of counterfeit app versions that could carry malware. A user discovered that SmartTube version 30.51 contained a hidden library that collected device-specific information and transmitted it to external servers, raising concerns about botnet activity. Certain versions of SmartTube, specifically 30.43 and 30.47, were confirmed to have been compromised due to malware on the developer's computer. Users were advised to uninstall infected versions, including 28.56, 28.58, 28.66, 28.75, 28.78, 29.13, 29.37, 29.62, 29.63, 29.85, 30.27, 30.32, 30.38, 30.40, 30.43, 30.44, 30.45, and 30.51, and to download the newly released safe version from trusted sources. Yuliskov assured users that the compromised computer has been cleaned and that new releases are secure.

Winsage

November 17, 2025

Windows 10 update failure, autonomous AI cyberattack, Feds fumble Cisco patches

Microsoft has acknowledged an issue with the Windows 10 KB5068781 extended security update, which is failing to apply after installation for users with corporate licenses, resulting in a rollback. A group of hackers believed to be backed by China executed a large-scale cyberattack using Claude Code AI, targeting 30 organizations across various sectors. The Cybersecurity and Infrastructure Security Agency (CISA) reported that U.S. government agencies are struggling to patch critical vulnerabilities in Cisco devices amid the “Arcane Door” hacking campaign. Five individuals pleaded guilty to charges related to helping North Korean IT workers infiltrate 136 companies in the U.S. from September 2019 to November 2022. Port Alliance, a Russian port operator, reported disruptions due to a DDoS cyberattack targeting its operations related to coal and mineral fertilizer exports. DoorDash experienced a data breach on October 25, potentially affecting personal details of customers, Dashers, and merchants across the U.S. and Canada, traced back to a social engineering scam. North Korean hackers are using JSON storage services to host and deliver malware, approaching victims with job offers on platforms like LinkedIn. Jaguar Land Rover reported a financial impact of £196 million (0 million) from a cyberattack in September that forced production halts and compromised data.

Tech Optimizer

November 13, 2025

Emotet: The horse returns to a gallop more dangerous than ever

Emotet is a Trojan Horse malware that emerged in 2014, impacting over 1.6 million devices and originally designed to steal banking credentials. Developed by the MealyBug criminal organization, it evolved into a modular Trojan-dropper, enabling it to download various payloads and act as Malware-as-a-Service on the dark web. Emotet spreads primarily through spam emails, often using malicious Word or Excel files, and has been disseminated via local area networks and password-protected zip folders. The malware operates through botnets categorized into epochs, with Epochs 1, 2, and 3 dismantled in 2021 by a coordinated international operation. Following this, Emotet resurfaced in November 2021 as Epochs 4 and 5, incorporating a Cobalt Strike beacon for enhanced propagation. Recommended precautions include keeping software updated, using two-factor authentication, and educating employees about email threats. Network administrators are advised to block unscannable email attachments, configure specific email filters, and maintain secure backups.

AppWizard

November 8, 2025

A dangerous rise in Android malware hits critical industries

A study by Zscaler has reported a significant increase in mobile and IoT security incidents, with 239 malicious Android applications on Google Play downloaded 42 million times. There has been a 67% year-over-year increase in Android malware transactions, primarily involving spyware, banking trojans, and adware, which now constitutes 69% of all malware detections. The energy sector has seen a 387% rise in attack attempts, while manufacturing and transportation industries face over 40% of IoT threats. IoT attacks are largely driven by malware families like Mirai, Mozi, and Gafgyt, which account for about 75% of malicious payloads, with routers being the primary targets. Mobile attacks are concentrated in a few countries, emphasizing the need for enhanced security measures.

Winsage

October 23, 2025

Russian hackers replace malware with new tools, Windows updates cause login issues, campaign targets high-profile servers

Mark your calendars for this Friday's Super Cyber Friday, featuring the session titled "Hacking the Death of EDR." Russian state-sponsored hacking group Coldriver has introduced three new malware strains: NOROBOT, YESROBOT, and MAYBEROBOT, following the exposure of their previous tool, LostKeys. The new malware is designed to evade detection and extract sensitive data from high-value targets. Microsoft has acknowledged that Windows updates released since August 29th are causing login failures on systems with duplicate Security Identifiers (SIDs), leading to authentication failures. Microsoft recommends rebuilding affected systems or contacting support for a temporary fix. Kaspersky researchers have identified a likely Chinese-speaking threat actor behind the “PassiveNeuron” campaign, targeting government, financial, and industrial servers across Asia, Africa, and Latin America since 2024, using custom implants and Cobalt Strike. CISA has added high-severity vulnerabilities in Oracle E-Business Suite, Microsoft Windows SMB Client, Kentico Xperience CMS, and Apple JavaScriptCore to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by November 10th. Researchers from France's CEA and Soitec have unveiled a new chip architecture called Fully Depleted Silicon-on-Insulator, designed to defend against laser fault injection attacks on automotive microcontrollers. During Pwn2Own Ireland 2025, researchers exploited 34 zero-days across various devices, earning a total of 2,500 in rewards, with Team DDOS chaining eight zero-days to compromise a QNAP router and NAS. Koi Security researchers discovered a new self-propagating malware named GlassWorm, which has infected approximately 36,000 developer systems by exploiting Visual Studio Code extensions, pilfering credentials, and installing remote access tools. PolarEdge is a botnet malware targeting Cisco, ASUS, QNAP, and Synology routers, first detected in February, which installs a TLS-based backdoor to fingerprint hosts and execute tasks while employing anti-analysis techniques.

Tech Optimizer

September 12, 2025

Shamos malware tricks Mac users with fake fixes

A new malware campaign targeting Mac users has been identified, featuring a variant called Shamos, part of the Atomic macOS Stealer (AMOS) family, created by the cybercriminal group COOKIE SPIDER. The malware spreads through deceptive tactics that lure victims to counterfeit websites or GitHub repositories, where they are tricked into executing a command in Terminal that downloads Shamos, bypassing macOS Gatekeeper protections. Once installed, Shamos seeks sensitive information such as Apple Notes, Keychain items, browser passwords, and cryptocurrency wallets, sending the stolen data to attackers along with additional malware. The fraudulent distribution of these "fixes" is facilitated through malvertising campaigns and imitation tech support sites. Victims are encouraged to execute commands that download malicious scripts, which can capture passwords and disable file protections, allowing Shamos to maintain control even after system restarts. To protect against Shamos, users are advised to avoid running unfamiliar commands, steer clear of sponsored search results, be cautious with GitHub projects, use strong antivirus protection, consider personal data removal services, and keep macOS updated to close vulnerabilities.