campaigns Archives

AppWizard

May 12, 2026

TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps

TrickMo, an Android banking malware, has re-emerged with enhanced stealth and operational capabilities, targeting banking, fintech, wallet, and authenticator apps. It retains its core device takeover abilities while improving stealth, persistence, and flexibility. The malware persuades users to grant accessibility permissions, allowing full remote control, including real-time screen viewing. A significant advancement is its shift to The Open Network (TON) for command-and-control communication, complicating takedown efforts. TrickMo has been actively deployed in France, Italy, and Austria since early 2026, using fake login overlays to capture credentials while recording user activity. It communicates through .adnl endpoints within the TON network and employs DNS-over-HTTPS for encrypted DNS queries. The malware's modular design includes a primary application as a loader and a dynamically loaded APK module called “dex.module” for malicious capabilities. It features network reconnaissance and tunneling capabilities, allowing commands like HTTP probing and establishing SSH tunnels, which can bypass fraud detection systems. Dormant features suggest potential for future capabilities without altering the core application. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo's various components.

AppWizard

May 11, 2026

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

Modern Android banking malware is evolving with architectural enhancements for increased stealth, resilience, and operational flexibility. In early 2026, a new variant of the TrickMo Android banking trojan was identified, actively targeting banking and wallet users in France, Italy, and Austria. This variant has replaced its predecessor in ongoing campaigns and has transitioned its command-and-control traffic to The Open Network (TON). Key features of the new TrickMo variant include: - The primary command-and-control channel now operates over TON, utilizing .adnl endpoints through an embedded local TON proxy. - It employs a runtime-loaded APK (dex.module) with enhanced functionalities, including reconnaissance, SSH tunneling, and SOCKS5 proxying, allowing infected devices to act as network pivots. - TrickMo is classified as Device Take Over (DTO) malware, targeting banking, fintech, wallet, and authenticator applications on Android devices. - Operators gain control over infected devices through accessibility-service permissions, enabling capabilities such as credential phishing, keylogging, screen recording, remote control, and SMS interception. The new variant features a modular architecture with a host APK functioning as a launcher and persistence layer, while offensive capabilities are delivered through the dynamically loaded dex.module. Significant enhancements include network reconnaissance commands (curl, dnslookup, ping, telnet, traceroute) and socket-level tunneling via an embedded SSH client. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo dropper applications and host applications. The malware retains unused permissions for NFC capabilities, suggesting a strategic approach to device filtering.

AppWizard

May 9, 2026

Steam Best-Selling Game Review Bombed by PC Gamers

Slay the Spire 2 has experienced a significant review bombing on Steam, dropping from an “Overwhelmingly Positive” rating to “Mostly Negative” due to contentious updates and the involvement of consultant Anita Sarkeesian. Over the past month, 65% of the game's reviews, totaling 51,859, have been negative. The controversy has largely remained confined to Steam, as the game is in early access and lacks user reviews on Metacritic. Mega Crit has not yet commented on the situation.

AppWizard

May 8, 2026

Path of Exile 2’s ‘biggest expansion ever’ reworks its entire post-campaign grind for new and returning players alike

Path of Exile 2 is undergoing a significant overhaul to enhance the endgame experience, which will be showcased in the upcoming expansion titled Return of the Ancients, launching on May 29. The expansion introduces the Genesis Tree for crafting unique jewelry, new challenges like the Delirium mirror, and massive fortifications with unique modifiers that reward players. Players can auto-complete sections by defeating a new pinnacle boss. The rework includes mini-goals to improve exploration across the Atlas. This expansion is the final major update before the game reaches version 1.0 later this year, with all character classes and remaining campaign acts included. A new league mechanic allows crafting of runes and gear modifications. The update represents the most substantial change since the game's early access launch.

AppWizard

May 7, 2026

Messenger Statistics By Revenue, Usage And Behavior (2026)

Messenger has approximately 1.12 billion monthly active users as of the first quarter of 2026. In the first half of 2026, it generated USD 3.2 billion in non-ad revenue, reflecting a 63% year-over-year growth. In India, there are 424.3 million Messenger users, making up 28.7% of the country's population. South-Eastern Asia accounted for 212 million Messenger users in 2025, representing 22.4% of the global total. The user base shows a gender disparity with 55.5% male users and 44.5% female users, and is primarily favored by those aged 25–34, who comprise 32.4% of users. Messenger has surpassed 5 billion downloads on the Google Play Store, with users spending an average of 3 hours and 21 minutes per month on the app. It supports customer communication for over 40 million businesses, with approximately 80% of messages opened within the first hour. Messenger.com received 244.62 million visits in March 2026, a 30.67% increase from February. Chatbots on the platform handle up to 80% of routine inquiries, and the engagement rates for campaigns are high, with open rates ranging from 70% to 88%. Overall, Messenger is among the top three or four most-used platforms globally, trailing only behind Facebook and WhatsApp.

Tech Optimizer

May 7, 2026

What Is Endpoint Detection and Response?

Traditional endpoint security measures, such as antivirus software and firewalls, are increasingly ineffective against sophisticated cyberattacks, which can bypass these defenses. Endpoint Detection and Response (EDR) is a solution that emphasizes rapid detection and containment of threats, continuously monitoring endpoint activity and identifying suspicious behavior in real time. EDR platforms gather data from all connected endpoints and utilize AI-driven analytics to detect both known and unknown threats. In 2024, over 97 billion exploitation attempts were recorded, underscoring the need for robust endpoint protection. EDR tools operate in four stages: detection, containment, investigation, and elimination of threats. They collect telemetry data from endpoints to establish a baseline of normal activity, enabling the identification of anomalies that may indicate a threat. EDR can automatically isolate affected endpoints, terminate malicious processes, and execute remediation actions. EDR employs two methods for threat detection: comparing endpoint activity against indicators of compromise for known threats and using behavioral detection models for unknown threats. The system can generate reports on threat activity and response effectiveness, aiding compliance and operational decision-making. The telemetry data collected is stored in a centralized repository, supporting threat-hunting initiatives. Organizations that deployed EDR in 2024 experienced an average breach cost that was significantly lower than those that did not. EDR minimizes security blind spots, reduces the attack surface by identifying vulnerabilities, speeds up investigations and responses, blocks new threats through behavioral analysis, and strengthens other security measures when integrated with existing tools. Challenges in EDR implementation include alert fatigue, integration complexity, resource constraints, and limited scope. When choosing an EDR solution, organizations should prioritize features such as real-time threat detection, automated response capabilities, behavioral analysis, offline protection, low performance impact, and integration with existing tools. EDR functions effectively as part of a layered security strategy, complementing other tools like Endpoint Protection Platforms (EPP) and Extended Detection and Response (XDR). EDR focuses on endpoint activity, while EPP serves as a first line of defense against common threats, and XDR broadens the scope to include network traffic and cloud workloads. VPNs encrypt network traffic, providing an additional layer of protection for data in transit.

Winsage

May 6, 2026

“Minimize downtime and simplify troubleshooting”: Microsoft’s powerful new recovery tool is quietly fixing System Restore. Here’s how it actually works.

System Restore is a recovery tool in Windows that allows users to revert their systems to a previous state, originating with Windows ME. It generates restore points that can be created manually or automatically, with a maximum retention of 60 days starting from the Windows 11 24H2 update in 2025. System Restore captures essential system files and settings but does not recover personal files. The new Point-in-Time Restore feature, introduced in 2025 and appearing in the Windows 11 Insider Experimental preview in April 2026, captures a broader range of data, including user files and applications, and operates on a scheduled basis with snapshots retained for up to 72 hours. It is optional for standard users, enabled by default for PCs with 200GB or more storage, and has storage limits set to 2% of total drive capacity. In enterprise settings, it is always enabled for Windows 365 Enterprise, maintaining restore points for up to one month and utilizing cloud storage. Point-in-Time Restore aims to improve the recovery experience and address limitations of the classic System Restore.

AppWizard

May 6, 2026

This month’s Humble Choice is offering one of the best turnbased sicko RPGs of the century for an all time low $15—plus you get 8 other games including Diablo 4

Atlus is known for its JRPGs, with Shin Megami Tensei 5: Vengeance being highlighted as a standout title. The game offers a straightforward, turn-based creature-collecting experience with minimal dialogue and cutscenes, making it engaging for players. SMT 5 features two campaigns that provide strategic turn-based combat without lengthy narratives. It is currently available through the Humble Choice bundle for a limited time, priced at a single month's subscription, which includes seven additional games. The bundle features titles such as Diablo 4 and Crysis 3 Remastered. Kerry Brunskill rated SMT 5 a 91 out of 100, calling it "an essential RPG."

BetaBeacon

May 6, 2026

North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware

North Korean hackers targeted ethnic Koreans in China with a malware disguised as a popular Android mobile game called BirdCall, allowing them to steal personal data from victims.

BetaBeacon

May 5, 2026

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.