Chrome Archives

AppWizard

May 1, 2026

Android Auto app widgets mirror mobile setup, leak shows as release nears

Android Auto is set to receive a significant update with the introduction of a widget selection feature, codenamed "Gemini." This update aims to enhance user experience and integrates widgets into the driving experience. The "car widgets" menu is accessible in Android Auto version 16.8.161804-release.daily, featuring a layout similar to home screen widget selection on Android devices. The menu includes a highlighted section, browsing option, and search bar, with app options like Calendar, Chrome, Google Drive, and ChatGPT. Google may impose limitations on widget functionality within the dashboard for optimal display and usability. There is currently no timeline for the official announcement of this feature, but it may be highlighted at the upcoming Google I/O event.

Tech Optimizer

May 1, 2026

All-in-one privacy bundle handles your VPN, antivirus, and data broker removal for $92

Surfshark One+ with Incogni is a comprehensive online privacy solution that combines a VPN, antivirus protection, and personal data removal services. The two-year plan is currently priced at .99, reduced from its regular price of 9.40. The Surfshark component includes a VPN, real-time antivirus protection, and Surfshark Alert for data breach notifications, while Incogni handles the removal of personal information from over 420 data brokers. Incogni has processed over 245 million removal requests, verified by Deloitte, and offers identity theft coverage of up to million. The service supports up to five devices and is compatible with various operating systems.

AppWizard

April 30, 2026

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercriminal group known as LofyGang has re-emerged after three years, targeting Minecraft players with malware called LofyStealer, also known as GrabBot. This malware is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to attract young users. The group has been active since late 2021 and previously leaked thousands of Minecraft accounts. The attack begins with the 'Slinky' hack, which deploys LofyStealer (identified as "chromelevator.exe") to harvest sensitive information from web browsers, including cookies, passwords, and credit card information, sending this data to a command-and-control server. ZenoX reports a shift in LofyGang's tactics from JavaScript supply chain attacks to a malware-as-a-service model, offering both free and premium tiers. Cybercriminals are increasingly exploiting trusted platforms like GitHub to distribute malware through bogus repositories and various deceptive tactics, including fake security alerts and counterfeit accounts. This trend highlights a strategy focused on volume targeting rather than precision, prompting cybersecurity experts to prioritize threats from GitHub-hosted downloads that appear legitimate.

AppWizard

April 30, 2026

LofyStealer Targets Minecraft Players via Node.js Loader and Browser Injection

Minecraft players are being targeted by a deceptive hacking tool called “Slinky,” which is actually an infostealer known as LofyStealer linked to the Brazilian cybercrime group LofyGang. The malware uses a Node.js-based loader and a C++ payload to extract sensitive browser data, disguising itself as a Minecraft hack. It primarily targets younger players who may unknowingly execute it. The malware operates through a two-stage architecture, with a 53.5 MB loader binary that injects a smaller 1.4 MB payload into browser processes, bypassing detection methods. It collects sensitive information such as cookies, passwords, and credit card details, compressing and encoding the data for exfiltration. The command-and-control (C2) infrastructure is hosted in Brazil, and the malware's design reflects advanced compilation techniques. The campaign is attributed to LofyGang, which has evolved into a more professional entity, posing severe risks to players who download cheats and cracked tools. Indicators of compromise include a specific C2 IP address and associated endpoints.

AppWizard

April 30, 2026

LofyStealer Uses Node.js Loader Against Minecraft Gamers

Cybersecurity threat hunters have discovered an active infostealer campaign targeting the gaming community, involving malware called LofyStealer (or GrabBot) that disguises itself as a Minecraft hack named “Slinky.” The attackers use the official game icon to trick young gamers into executing the malware. The Brazilian cybercrime group LofyGang has enhanced its technical capabilities, utilizing a sophisticated two-stage modular architecture. The initial stage features a 53.5 MB loader file named load.exe, which is a Node.js runtime environment that obscures malicious signatures. The loader connects to the attacker’s server and decrypts a 1.4 MB C++ payload, chromelevator.exe, which targets eight web browsers to extract sensitive information like cookies and passwords. The stolen data is compressed, encrypted, and sent to the attacker’s server. LofyGang has evolved into a Malware-as-a-Service platform, offering a web panel for operators to monitor victims and generate custom executables. The campaign highlights the increasing threats to the gaming community, with advanced evasion techniques being employed by cybercriminals. Security professionals are advised to monitor network traffic and conduct audits for suspicious activities.

AppWizard

April 30, 2026

Minecraft Players Targeted by LofyStealer Using Node.js Loader and In-Memory Browser Injection

A new infostealer malware called LofyStealer is targeting the gaming community, particularly Minecraft players, by disguising itself as a cheat tool named “Slinky.” It employs a two-stage attack to extract sensitive information from eight major web browsers, including Chrome and Firefox, while evading detection by security software. The malware siphons off cookies, saved passwords, payment card information, and session tokens. Researchers at Zenox.ai identified LofyStealer, linking it to the Brazilian cybercrime group LofyGang, which has been active since October 2022. The malware uses social engineering tactics to appear legitimate and operates as a Malware-as-a-Service platform, offering both Free and Premium tiers to buyers. Its technical sophistication is evident in its method of in-memory browser injection, which allows it to bypass security defenses. The stolen data is compressed and sent to a command-and-control server. Users are advised to avoid downloading unofficial game mods and enable multi-factor authentication to reduce the risk of credential theft. Security teams should monitor for specific behavioral indicators related to the malware's operations.

Tech Optimizer

April 29, 2026

Microsoft Says Defender Antivirus Is Good Enough. I Say Nope

Microsoft Defender Antivirus, originally launched in 1993 as Microsoft Anti-Virus for MS-DOS, has evolved over the years but historically struggled with effective malware protection. Recent improvements have led to better performance in independent lab tests. Microsoft claims that Defender's built-in capabilities are sufficient for protection against various threats, but it acknowledges that third-party antivirus solutions may be necessary for users with multiple devices. Defender's phishing protection is limited to the Edge browser, and it lacks many features found in competing antivirus products, such as advanced scam protection and a user-friendly interface. While Defender offers basic protection, it may not meet the needs of most users in today's digital landscape.

AppWizard

April 28, 2026

These 3 Android Apps Can Block Ads On Your Phone

Users are increasingly seeking effective solutions to enhance their browsing experience in digital advertising, with some opting for methods beyond traditional ad-blockers, such as configuring a private DNS server to filter ads at the system level. This method can face challenges, including certain applications circumventing settings and networks blocking custom DNS configurations, which may lead to connectivity issues. DNS-based ad-blocking can disrupt app functionality or create voids where ads would typically appear. NextDNS offers customizable blocklists for ad-blocking and functions as a customizable endpoint, requiring users to set it up through Android's native DNS settings. It provides a dashboard with parental controls, tracking protection, and analytics tools, free for up to 300,000 queries per month. AdLock focuses on system-wide ad-blocking across various platforms and requires users to download the APK and subscribe for use on multiple devices, starting at .05 per month. It does not allow ads to be displayed and includes a safety check feature for potential threats. Total AdBlock, developed by Total Security Limited, offers free and premium versions, with the premium version providing full functionality, including ad-blocking on YouTube. It has a high effectiveness score on the AdBlock Tester tool and includes features like content blocking and direct support access. The curated list of ad blockers targets options that do not require root access and are cost-effective, designed to operate at the device level for Android users, as the default Chrome browser does not support extensions. Trustworthiness and reputation were key factors in the selection process, focusing on maintaining a clean browsing experience without invasive tracking mechanisms.

Tech Optimizer

April 27, 2026

Bitdefender Total Security review: Tried and tested by an antivirus expert

Modern antivirus solutions have integrated various tools into a single interface, with Bitdefender exemplifying this trend. It features a dashboard for system scans, recommendations, and account management. The “Protection” section includes antivirus settings, online threat defense, and firewall options. Users can enable an anti-spam service for email applications like Outlook and Thunderbird. The privacy tab offers an anti-tracker browser plugin and a limited free VPN. Additional privacy features include video and audio protection to manage webcam and microphone access, and Safepay for secure online banking. Bitdefender also provides a desktop widget for protection status, secure file shredding, and remote device management options. In terms of performance, Bitdefender operates efficiently, using less than 100MB of RAM for its main interface, but can spike during full system scans. It successfully detected a trojan during a scan of a linked Google Drive account. Bitdefender effectively identified all test files in antivirus testing and enhances browser security by intervening when users ignore warnings. The application is easy to install, with a compact file size, and offers a Quick Scan feature that allows users to scan only applications after a thorough initial scan.

Tech Optimizer

April 26, 2026

CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister

On April 21, 2026, compromised versions of pgserve (1.1.11, 1.1.12, and 1.1.13) were published on npm, containing a 1,143-line credential-harvesting script that executes during the postinstall phase of npm install. The malware functions as a supply-chain worm, reinjecting itself into other packages if it finds an npm publish token. Stolen credentials are encrypted using RSA-4096 and AES-256 and exfiltrated to a decentralized Internet Computer Protocol (ICP) canister. The last legitimate release was v1.1.10, published on April 17, 2026. The malware was detected by StepSecurity AI Package Analyst and Harden Runner, which flagged the compromised versions as Critical / Rejected and confirmed live exfiltration during analysis. The injected script performs operations such as harvesting environment variables, collecting filesystem secrets, encrypting payloads, and propagating to other npm packages and Python packages if a PyPI token is detected. The exfiltration domains have been added to a global block list.