counterfeit Archives

Tech Optimizer

June 12, 2026

Fake verification pages are stealing Steam accounts from players

Online gamers are being warned about a scam targeting Steam accounts through counterfeit FACEIT verification pages that look authentic. These fraudulent sites feature official branding and functional links, tricking users into entering their passwords. The scam is particularly aimed at FACEIT players, as it exploits the connection between FACEIT and Steam, where players link their accounts. The scam starts with a website mimicking an official FACEIT page, claiming to offer free identity verification. Scammers use lookalike URLs, such as faceit-discord.com and faceit-clubs-verify.com, to deceive users. The site may display subtle errors, like conflicting copyright dates, and encourages users to click a “Sign in through Steam” button, which leads to a fake login window designed to steal user credentials. To protect against this scam, users should verify the website address, be cautious of blurry QR codes, treat urgent messages as suspicious, navigate directly to official sites, and consider using tools like Malwarebytes Browser Guard. If users have already entered their details, they should change their Steam password, enable Steam Guard, and check for unauthorized activity. The scam's effectiveness lies in its convincing presentation and the use of Browser-in-the-Browser attacks, which manipulate the perceived address bar.

Winsage

June 12, 2026

Vietnam launches first criminal case over pirated Windows, Office software

Authorities in Phu Tho province have initiated a criminal case regarding the illegal installation and use of copyrighted software, specifically targeting pirated Microsoft Windows and Office products. Formal charges for "infringement of copyright and related rights" have been made following urgent searches at five locations in Hanoi and Phu Tho. The investigation revealed that individuals and businesses were using various platforms to promote, distribute, and sell unlicensed software, including cracked software and counterfeit license keys. The inquiry began with Song Lam Trading and Service Co, whose director faces allegations of supplying 81 computers pre-installed with unauthorized software. An additional 350 computers linked to a local educational institution were also found to have illegal software activation. The implicated companies include Athena Vietnam Information Systems Co and Tek-Solution Technology Co, whose directors are under police scrutiny. Authorities estimate that the financial losses for copyright holders could reach tens of billions of đồng, and they have raised concerns about cybersecurity threats associated with illegally activated software.

Tech Optimizer

June 9, 2026

Fake ChatGPT download site infects Windows and Mac users with malware

A counterfeit website, openew[.]app, is impersonating OpenAI's official ChatGPT download page and distributing malware. Windows users who download from this site receive a credential-stealing malware loader, while macOS users are infected with Odyssey Stealer, a variant associated with cryptocurrency theft. The fake site mimics the legitimate ChatGPT interface and uses HTTPS to appear trustworthy. The Windows malware, Chat_GPT.exe, creates a back channel to an attacker-controlled server, while the macOS malware captures sensitive data and attempts to replace legitimate cryptocurrency wallet applications with compromised versions. Users who download from official sources remain safe, but those who click on ads or unfamiliar links risk compromising their online accounts and sensitive information. Malwarebytes offers protection against this malware. Indicators of compromise include specific file hashes and network indicators associated with the malicious site.

Tech Optimizer

June 9, 2026

Don’t get victimized by this updated version of the McAfee email scam

Cybercriminals are sending fraudulent McAfee renewal notices claiming users owe money for antivirus subscriptions they never purchased. These emails create a sense of urgency, warning that devices are unprotected or that charges will be processed automatically. The scams have become more sophisticated, using AI-generated emails and counterfeit invoices to appear credible. Although Microsoft is the most impersonated company, McAfee scams are on the rise, featuring messages about expiring or automatically renewed subscriptions costing hundreds of dollars. Victims are often misled into contacting scammers posing as customer-service agents, who may request sensitive information or control over their devices. McAfee advises customers to verify subscription status through their official website and not to respond to unsolicited emails. Warning signs of these scams include suspicious sender addresses, generic greetings, grammatical errors, unusually large charges, and urgent demands for action. The Federal Trade Commission warns consumers about tech-support and antivirus scams, urging them to report phishing emails and monitor accounts for unauthorized activity.

AppWizard

June 9, 2026

This New Computer Virus Is Disguising Itself As A Popular Video Game

Old-school gaming consoles are seeing a resurgence, but hackers are exploiting this trend with a malware campaign called "WeedHack," which emerged in January. This malware operates on a "Malware-as-a-Service" model, allowing users to purchase it to infect victims. WeedHack functions as a remote access infostealer, compromising computers to manipulate screens, access webcams, and steal sensitive data. It propagates by enticing users with unofficial "Minecraft" mods and clients, often using videos and download links as bait. Additionally, it employs "SEO poisoning" to promote fake websites as legitimate sources for these mods on platforms like Discord and Reddit. WeedHack disguises itself as a JAR file, similar to the official "Minecraft" client, and once executed, it installs its payload from Ethereum server domains. It can insert itself into antivirus exclusion lists, evading detection, and McAfee's tests show that Windows Defender is ineffective against it. The malware collects extensive information, including Wi-Fi networks and browser cookies, and grants hackers complete control over infected computers. The WeedHack virus serves as both malware and a training ground for aspiring hackers, structured into two tiers: a free version with core capabilities and a paid subscription for advanced features. A community has formed around WeedHack, offering tutorials, a Discord server, and a website for feature requests and custom payload creation. This community aspect lowers the barrier for newcomers, particularly targeting a younger audience that may not understand online safety.

AppWizard

June 8, 2026

NFCShare Android malware spreads via fake banking app updates on GitHub

New variants of the NFCShare Android malware are disguised as fake updates for legitimate banking applications and are targeting customers of various banks in Europe through a phishing campaign to steal sensitive payment card data. The malware prompts victims to place their cards near the NFC chip of their mobile devices, using Android’s IsoDep interface to read card information, including card number, type, expiry date, and a 4-digit PIN. The stolen data is exfiltrated to the attacker’s command-and-control host via a WebSocket channel. Recent attacks began on May 14, with victims directed to a phishing site that impersonates a legitimate bank and then to a GitHub repository hosting a malicious APK file. The repository has hosted 56 unique APKs impersonating banking applications primarily from Italy and Spain. The malware has evolved from initially targeting Deutsche Bank in Germany to a broader range of banks. The latest version features malformed APK packaging to complicate automated analysis. Users are advised to download banking applications only from Google Play and to be cautious of verification requests that ask for NFC card scans.

AppWizard

June 4, 2026

Teens are using $5 WeedHack malware to target Minecraft players

A recent cybersecurity analysis from McAfee Labs has revealed a malware campaign involving WeedHack, which has garnered over 116,000 hits and is accumulating 2,000 to 3,000 malicious hits daily. WeedHack is marketed as malware-as-a-service (MaaS) and is accessible on the internet, allowing individuals with minimal technical skills to use it for harmful activities. A dedicated Telegram channel for WeedHack has over 850 members, many of whom are teenagers and young adults using the malware for cyberbullying. The malware spreads primarily through YouTube videos promoting Minecraft mods, which often conceal the WeedHack malware. Additionally, bad actors use SEO poisoning tactics to elevate fake websites posing as legitimate Minecraft clients. McAfee lists several legitimate clients targeted by WeedHack, including Meteor Client, Radium Client, and Wurst Client. For an additional fee, attackers can access premium features like webcam access, keylogging, and file management. McAfee advises players to be cautious when downloading mods and to seek help from trusted adults if approached by individuals claiming to have compromised their systems.

AppWizard

June 3, 2026

Australia warns of crypto investment scams on messaging apps

Australia's financial regulatory authority, the Australian Securities and Investments Commission (ASIC), has issued a cautionary note about a rise in investment scams that exploit messaging apps and social media, particularly targeting younger individuals. These scams often start with enticing ads on social media promoting stock trading tips, leading victims to messaging apps where they are misled into thinking they are receiving legitimate investment advice from impersonated figures. Victims are then directed to counterfeit digital asset trading platforms, resulting in lost funds and additional withdrawal fees. Research from Moneysmart reveals that 23% of Australians aged 18 to 28 own digital assets, with 66% taking a speculative approach to investing, and 29% influenced by social media personalities. Additionally, 72% of Gen Z respondents encountered social media ads for digital assets, and 41% were approached to invest in cryptocurrencies. ASIC has proposed measures to mitigate risks, including avoiding sharing personal information from social media, verifying investment platforms through AUSTRAC, and acting quickly if something seems suspicious. The Australian Parliament passed a digital asset framework bill in April requiring digital asset platforms to obtain an Australian Financial Services License (AFSL) within a year to comply with new regulations.

Tech Optimizer

May 31, 2026

‘Your devices could be at risk’: how antivirus scams trade on fear

Many users receive emails claiming their McAfee antivirus protection is nearing expiration, offering an 89% renewal discount for same-day payment. These emails are not from McAfee but are attempts by cybercriminals to steal personal financial information. The emails often create a false sense of urgency and may contain inconsistent grammar and obscure sender addresses. Clicking links in these emails can lead to counterfeit websites designed to harvest personal data. Users are advised to verify their subscription directly on McAfee.com and report suspicious emails to McAfee and their email provider.

AppWizard

May 28, 2026

Fake ‘Cockroach Janta Party’ Android app flagged as critical malware threat, report warns

A cybersecurity report released on May 22, 2026, identifies a counterfeit Android application posing as the official app of the Cockroach Janta Party as a significant malware threat. The malicious app, known as Cockroach.Janta.Party, functions as a Remote Access Trojan (RAT) and can infiltrate Android devices, steal sensitive information, intercept communications, and control infected smartphones. The genuine Cockroach Janta Party has no affiliation with this app and is a victim of brand impersonation. The app is distributed through WhatsApp, Telegram, and misleading websites, particularly a rogue domain, cockroachjantaparty[.]org. It targets Android devices running versions 8.0 to 14 and requests elevated permissions, including access to camera, SMS, call logs, and contacts, while misusing the Android Accessibility Service to read on-screen content and grant itself additional permissions. The app contains multiple malicious modules for data exfiltration and uses a Command and Control infrastructure based on the Telegram Bot API. Users are advised to uninstall the app, disable Accessibility permissions, reset banking credentials, enable two-factor authentication, and conduct a full mobile security scan. The legitimate Cockroach Janta Party is encouraged to issue a formal clarification regarding the impersonation.