campaign Archives

Winsage

June 19, 2026

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Microsoft has identified a Windows-based cryptocurrency clipper campaign that has been active since February 2026. This campaign uses clipboard-intercepting malware with self-spreading capabilities and operates through the Tor network. The clipper malware employs Windows Script Host and ActiveX to launch a Tor proxy and connect to a hidden command-and-control server. It focuses on stealing clipboard data, particularly cryptocurrency wallet addresses, and can exfiltrate screenshots. The malware is distributed via malicious Windows Shortcut (LNK) files on USB drives, which activate a worm that checks for existing infections and fetches the payload from a remote server. The clipper monitors the clipboard every 500 milliseconds for sensitive information and can replace copied wallet addresses with those controlled by attackers. Microsoft recommends behavioral detections, disabling AutoRun for removable media, blocking LNK execution from drives, and monitoring clipboard-related activities as mitigations against this threat.

AppWizard

June 18, 2026

Here’s what’s coming to your PC with Xbox Game Pass

- Gears of War: E-Day is a third-person shooter set to launch on October 6, available on Xbox and PC. - Fable is an open-world RPG scheduled for release on February 23, 2027, featuring comedians Richard Ayoade and Matt King. - Halo: Campaign Evolved is a remaster set to release on July 28, 2026, featuring updated graphics and three new prologue missions. - Minecraft Dungeons II is set for release in September and includes a four-person multiplayer mode. - State of Decay 3 is scheduled for release in 2027, with details still to be announced. - Resonance: A Plague Tale Legacy is a prequel set to release on August 27, 2026, focusing on combat-oriented gameplay.

Tech Optimizer

June 18, 2026

Retro gaming fans are the new target for fake GitHub malware

Retro gaming enthusiasts should be cautious when exploring GitHub projects for tools or plugins, as cybercriminals may disguise malware as homebrew software. A specific incident involved a project called EQVita, which pretended to be a free audio tool for PlayStation Vita but actually contained Windows malware. The downloaded file included three files: Launch.bat, luajit.exe, and x64.txt, with the latter concealing a hidden script that connected to the attacker's server upon execution. This scam is part of a broader trend where counterfeit GitHub repositories distribute SmartLoader malware, which retrieves additional malicious software aimed at stealing passwords and cryptocurrency wallets. The PS Vita community, despite the console's production ceasing, remains active in modding, making it a target for attackers. Legitimate plugins typically come in Vita-compatible formats, while fake ones may feature polished marketing materials and AI-generated descriptions. Users are advised to verify sources, be cautious of suspicious downloads, and utilize security tools like Malwarebytes. If someone has executed the malicious EQVitav1.3.zip file, they should conduct a malware scan, change important passwords, and monitor accounts for unauthorized access. Indicators of compromise include the domains https://github.com/Voistace/EQVita and https://voistace.github.io, and the IP address 85.137.52.21.

AppWizard

June 18, 2026

Stellaris’ Nomads expansion finally lets me live out my Battlestar Galactica fantasies, though its Wayline system could definitely use some work

Players in Stellaris experience an enchanting initial phase of exploration, discovering alien species, mega structures, and black holes. They must balance exploration with territory claiming, as resource management is crucial. Resources can be transported back to the Arkship or harvested directly from planets, though the latter incurs penalties. Nomadic players need to forge alliances and establish Wayline treaties to survive and thrive, while new resources like Operational Reserves add complexity. Upgrading the Arkship is rewarding, and the game features a vibrant post-Nomads era with new music and events enhancing gameplay.

BetaBeacon

June 17, 2026

Pokémon Champions has brought the battle to Android and iOS

Pokémon Champions has been launched on Android and iOS, originally released on the Nintendo Switch. Players can obtain a free Raichu along with Raichunite X and Raichunite Y mega stones through a special in-game campaign until September 1, 2026. The game supports cross-platform play and save data can be accessed on any platform by signing into a Nintendo account.

BetaBeacon

June 17, 2026

Pokémon Champions Available Now on iOS and Android Devices

The Pokémon Company International has released Pokémon Champions for mobile devices, Nintendo Switch, and Nintendo Switch 2 consoles. Players can participate in a special in-game campaign featuring Raichu until September 2, 2026, to receive Raichu and Mega Stones. The game is designed to be inclusive and accessible to all players, with free downloads and cross-play compatibility.

AppWizard

June 16, 2026

New Rokarolla Android malware targets 217 banking, crypto apps

A new Android banking trojan named Rokarolla targets 217 banking and cryptocurrency applications and features 137 commands for malicious activities. It is distributed via deceptive websites posing as legitimate application sources and impersonates Google Play Protect to lure users into installing infected apps. Once installed, it seeks Accessibility service permissions and access to notifications, SMS, and calls. Rokarolla communicates with a command-and-control server, sending device profiles to generate unique identifiers for victims. Its primary goal is to steal financial information by using deceptive login overlays to capture sensitive data and maintain control over the device. The malware employs evasion tactics such as disabling Google Play Protect, hiding its icon, silencing notifications, and keeping the screen awake. It can steal SMS messages, extract contacts, capture keystrokes, record screen content, manipulate clipboard contents, block calls, and take screenshots. Zimperium confirms that Rokarolla is not found on Google Play, and users are advised to avoid downloading APK files from untrusted sources and to be cautious with Accessibility permissions.

Winsage

June 16, 2026

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS, which were previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of a potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.

AppWizard

June 15, 2026

How to Use Meta AI on Meta Apps

Meta AI is integrated into WhatsApp, Instagram, Facebook, and Messenger, providing functionalities like chat, search, image generation, and automated customer support through the Meta Business Agent. Its availability varies by country, account type, app version, and language. Users should be aware that seeing a colleague's blue Meta AI ring in WhatsApp while they do not may indicate a rollout flag on Meta's end rather than an app malfunction. Meta AI can answer queries, suggest ideas, generate images from prompts, clarify messages, assist with searches, and support customer interactions for business accounts. It is linked to the Llama model family, including Llama 2 and Llama 3. To use Meta AI on WhatsApp, users need to update the app and can start a chat by locating the Meta AI button or circle. They can ask practical questions, request image generation, and utilize it in group chats. On Instagram, it enhances DMs and search functions, allowing users to create AI chats for content ideas and captions. In Messenger, there is an "Ask Meta AI" bar for direct interactions. Users can also utilize Meta AI on Facebook for search and content discovery. The Meta Business Agent is a version of Meta AI for businesses, providing 24/7 responses to customer inquiries. It can be set up in Meta Business Suite or WhatsApp Business. Privacy measures should be considered, as users cannot entirely disable Meta AI and should avoid sharing sensitive information in chats. For better responses, users should provide context and constraints in their prompts and consider training in prompt design and AI risk management for professional use.

AppWizard

June 15, 2026

Your inbox might finally get quieter now that Google is taking down a major AI scam ring

Google has filed a lawsuit against the alleged China-based "Outsider Enterprise" network for using Gemini AI to conduct extensive phishing scams. The company is working with the FBI and major telecommunications carriers, including AT&T, T-Mobile, and Verizon, to intercept scam messages. Investigators have linked the operation to over 9,000 counterfeit websites and more than one million malicious URLs, primarily targeting Android users. The "Outsider" phishing platform offered over 290 website templates for mimicking banks and other entities, utilizing AI-generated code. Google is also supporting seven bipartisan bills aimed at combating AI-driven fraud and has implemented AI-driven defenses that block over 10 billion malicious messages each month.