clipboard Archives

AppWizard

May 12, 2026

This devious Android malware has returned disguised as TikTok or streaming apps — and is now using blockchain to remain undetected

Researchers at ThreatFabric have identified a new variant of the TrickMo banking trojan, named TrickMo.C, targeting Android users in Europe since January 2026. TrickMo.C disguises itself as popular applications like TikTok and streaming services, using tactics such as phishing overlays to harvest login credentials and sensitive information. It can log keystrokes, record screens, livestream content, intercept SMS messages, suppress OTP notifications, modify the clipboard, filter notifications, and capture screenshots. The primary targets are in France, Italy, and Austria, allowing unauthorized access to bank accounts and cryptocurrency wallets. TrickMo.C distinguishes itself by using the TON network for communication, which enhances anonymity and complicates detection efforts.

AppWizard

May 11, 2026

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

Modern Android banking malware is evolving with architectural enhancements for increased stealth, resilience, and operational flexibility. In early 2026, a new variant of the TrickMo Android banking trojan was identified, actively targeting banking and wallet users in France, Italy, and Austria. This variant has replaced its predecessor in ongoing campaigns and has transitioned its command-and-control traffic to The Open Network (TON). Key features of the new TrickMo variant include: - The primary command-and-control channel now operates over TON, utilizing .adnl endpoints through an embedded local TON proxy. - It employs a runtime-loaded APK (dex.module) with enhanced functionalities, including reconnaissance, SSH tunneling, and SOCKS5 proxying, allowing infected devices to act as network pivots. - TrickMo is classified as Device Take Over (DTO) malware, targeting banking, fintech, wallet, and authenticator applications on Android devices. - Operators gain control over infected devices through accessibility-service permissions, enabling capabilities such as credential phishing, keylogging, screen recording, remote control, and SMS interception. The new variant features a modular architecture with a host APK functioning as a launcher and persistence layer, while offensive capabilities are delivered through the dynamically loaded dex.module. Significant enhancements include network reconnaissance commands (curl, dnslookup, ping, telnet, traceroute) and socket-level tunneling via an embedded SSH client. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo dropper applications and host applications. The malware retains unused permissions for NFC capabilities, suggesting a strategic approach to device filtering.

Winsage

May 10, 2026

Windows 11 testers say new touchpad upgrades and File Explorer fixes finally make Insider builds feel smoother

Windows Insiders can check for new builds weekly, with Microsoft releasing four Insider builds that include various enhancements. The Beta Channel Insiders have not yet transitioned to the new Beta experience. Users in the Dev Channel moving to the Experimental Channel will receive Build 26300.8376, while those in the Canary 28000 series will also transition to Experimental, receiving Build 28020.2075. Insiders from the Canary 29500 series will be updated to Build 29585.1000. A free upgrade path to Windows 11 Pro Education from Windows 11 Home is available for K-12 educational settings, allowing institutions to manage devices effectively. This upgrade is one-way only. Build 26300.8376 introduces new gesturing functionalities for precision touchpads, including control over scroll/zoom speed and automatic scrolling. File Explorer has received updates for improved address bar functionality, more readable file size formatting, and refinements to the renaming experience. Build 28020.2075 includes improved typing reliability with the ADLaM keyboard and enhanced clipboard history performance. Font improvements have been made for the Leelawadee UI font family. Build 29585.1000 features a streamlined voice typing experience with the touch keyboard, reducing distractions.

BetaBeacon

May 6, 2026

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia. - BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes. - The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months. - The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China. - The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.

BetaBeacon

May 5, 2026

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.

BetaBeacon

May 5, 2026

ScarCruft hackers push BirdCall Android malware via game platform

APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.

Winsage

May 4, 2026

20 must-know shortcuts for Windows laptops

Windows is the leading operating system for personal computers. Many users are unaware of keyboard shortcuts that can improve productivity. Essential keyboard shortcuts for Windows laptops include: - Ctrl + Shift + Esc: Opens Task Manager. - Win + . (Period): Accesses the emoji picker. - Win + V: Displays Clipboard History. - Win + Shift + S / Win + PrtScn: Snipping Tool for screen captures / captures the entire screen. - Win + D: Minimizes all open windows. - Alt + Enter: Displays properties of a selected file or folder. - Win + Arrow Keys: Snaps the active window to sides or corners of the screen. - Fn + F11: Enables fullscreen mode. - Win + G: Launches the Xbox Game Bar. - Alt + 0150/0151 (Number Pad): Types an en dash or em dash. - Win + P: Projects, duplicates, or extends display to additional monitors. - Win + R: Activates the Run tool. - Ctrl + Win + Shift + B: Restarts the GPU driver. - Win + K: Displays connected devices. - Win + Home: Minimizes all windows except the active one. - Shift + Fn + F10: Opens a context menu. - Win + L: Locks the computer. - Ctrl + Shift + T (Browser): Reopens recently closed browser tabs. - Ctrl + Shift + N: Creates a new folder. - Win + PauseBreak: Opens the system properties window.

Winsage

May 1, 2026

Microsoft fixes Remote Desktop warnings displaying incorrectly

Microsoft resolved an issue affecting the display of security warnings when opening Remote Desktop (.rdp) files across all supported Windows versions, including Windows 11, Windows 10, and Windows Server. This problem was particularly evident on devices with multiple monitors having different display scaling settings. The fix was included in the optional KB5083631 preview cumulative update for Windows 11. The issue arose after the installation of the April 2026 security update, which introduced security warnings to enhance protection against phishing attacks. Users reported misalignment and obscured buttons in the security dialog, making it difficult to interact with. Additionally, the April security updates caused issues with third-party backup applications on Windows 11 systems and led to restart loops and failures during update installations on Windows Server.

Winsage

April 28, 2026

Microsoft: New Remote Desktop warnings may display incorrectly

Microsoft has identified an issue affecting the display of security warnings when users open Remote Desktop (.rdp) files across all supported versions of Windows, including Windows 11, Windows 10, and Windows Server. The security warning may not render correctly, making the text difficult to read and buttons misaligned, especially when multiple monitors with different display scaling settings are used. This issue often results in overlapping text or obscured buttons in the warning window. The problem is part of Microsoft's security enhancements introduced with the April 2026 cumulative updates, which aim to mitigate risks associated with malicious RDP connection files. Users receive a one-time educational prompt upon opening an RDP file for the first time, followed by a security dialog that provides information about the file's publisher and resource redirections. RDP files are commonly used in enterprise environments, but their exploitation in phishing campaigns has raised security concerns, particularly by groups like the Russian state-sponsored APT29.

AppWizard

April 25, 2026

Have a Samsung phone and PC? You need the new Galaxy Connect Windows app

The user expanded their Samsung ecosystem with a Galaxy Book 4 Edge and tested the Galaxy Connect application, which includes four features: Continue on other devices, Storage Share, Multi Control, and Second Screen. Multi Control allows users to connect their Samsung phone or tablet as a secondary display, enabling seamless control of the mobile device from the primary display. The Second Screen feature lets users utilize a Galaxy tablet as a wireless display for their Windows computer, reducing lag by connecting directly. Storage Share provides access to files on Samsung devices from the PC's File Explorer, and the Continue on other devices feature syncs the clipboard for easier two-factor authentication. Users with ARM-based PCs may face limitations, and some without Intel network adapters have reported issues with Galaxy Connect's functionality.