credentials Archives

Winsage

August 28, 2025

Hackers Abuse Microsoft Teams to Gain Remote Access With PowerShell-based Malware

Cybercriminals are increasingly targeting Microsoft Teams to deploy malware and gain control over victim systems, shifting from traditional email phishing attacks. They impersonate IT support staff in Teams chats to deceive employees into granting remote access. Attackers use newly created or compromised accounts with names like “IT SUPPORT

” to appear legitimate. They establish trust and persuade employees to install remote access software, allowing direct access to corporate networks. Recent incidents involve malware loaders like DarkGate and Matanbuchus, with attackers executing PowerShell commands to download malicious payloads designed for credential theft and remote code execution. The malware can designate its process as “critical” to evade detection and trick users into entering passwords through a legitimate-looking prompt. Analysis links these campaigns to the financially motivated threat actor known as Water Gamayun. Employees must be trained to verify unsolicited requests for credentials or software installations through separate communication channels.

Winsage

August 27, 2025

Windows 11 KB5064080 adds Backup app for organizations, fixes File Explorer and SMB share

Windows 11 KB5064080, an optional update for August 2025, is available for devices running Windows 11 23H2. It introduces the OneDrive-based Windows Backup app for organizations, which complements the existing consumer version. Users can download offline installers in .msu format from the Update Catalog. The Windows Backup for Organizations app securely saves user preferences, credentials, and personal files linked to the Microsoft Account, facilitating a seamless setup experience for new PCs. The organizational version may differ from the consumer edition, with administrators controlling the setup process and data storage. The update does not include a Windows 7-like Restore function. Users must manually check for and install the update via the Settings app, as it will not be automatically downloaded. The update also addresses several bugs affecting system applications, including issues with the Copilot key, USB device recognition, SMB share performance, ReFS deduplication and compression conflicts, Remote Desktop camera recognition, File Explorer display errors, and the disappearance of the “Ask to Use” approval prompt. Minor bug fixes related to Narrator and COSA profiles are included, with no major known issues reported.

Winsage

August 27, 2025

The (Microsoft) Windows Are Wide Open for Bad Actors

On October 14, Microsoft will cease support for Windows 10, impacting healthcare organizations that rely on legacy applications. Migrating to Windows 11 typically takes six to nine months and involves creating a new system image, testing applications, re-imaging devices, training staff, and rolling out the new OS. Microsoft will offer an Extended Security Updates (ESU) program for up to three years post-Windows 10 end-of-service, but many organizations struggle with maintaining a Microsoft Enterprise Agreement due to financial issues. Healthcare organizations often use 150 to 300 applications, making them vulnerable to cybercriminals, especially as the end of Windows 10 support approaches, with potential HIPAA violations looming. Cyber insurance implications arise, as claims may be denied if breaches occur due to unsupported systems, leading to increased premiums. Windows 11 includes enhanced security features like TPM 2.0 and a Diagnostic Data Viewer. Cybercriminals are expected to target Windows 10 users after support ends, emphasizing the need for organizations to plan their transition to mitigate risks.

AppWizard

August 26, 2025

77 Malicious Android Apps With 19M Installs Targeted 831 Banks Worldwide

Zscaler’s ThreatLabz team identified 77 malicious applications on the Google Play Store with over 19 million installations, which target financial institutions and compromise user data. A new variant of the Anatsa banking trojan, also known as TeaBot, now targets over 831 banks globally, up from 650, and has expanded its reach to countries like Germany and South Korea. Many of these apps disguise themselves as document readers, with some exceeding 50,000 downloads. The malware downloads the Anatsa payload after installation and uses Android’s Accessibility Services to automate malicious activities, including stealing financial information and facilitating fraudulent transactions. The malware employs techniques to evade detection, such as obfuscating its code and using corrupted ZIP archives. The most prevalent Android malware identified was Joker, found in nearly 25% of the analyzed applications, known for stealing contacts and device data. A smaller subset of apps contained “maskware,” which engages in credential theft and personal data collection.

AppWizard

August 26, 2025

Delete these two Android apps now: Experts warn they’re secretly stealing your personal data

Online security is a significant challenge due to the vulnerability of smartphones, which are targets for cybercriminals. Two Android applications, Wuta Camera and Max Browser, have been identified as threats associated with the Necro Trojan, a spyware that steals personal information and injects advertisements. Wuta Camera version 6.3.7.138 and later is free from malware, while users of Max Browser are advised to uninstall it immediately. The Necro Trojan, first identified in 2019, uses steganography to conceal malicious code, allowing it to evade security checks. Unofficial app versions from unauthorized sites also pose risks. To protect against these threats, users should keep apps updated, use trusted antivirus software, download from official app stores, remain vigilant, and be selective with app installations.

AppWizard

August 26, 2025

Dangerous Android banking trojan found lurking in malicious apps with 19 million installs — don’t fall for this

Zscaler’s ThreatLabs team discovered 77 malicious applications on the Google Play Store that accumulated 19 million downloads. These apps, disguised as utilities like PDF readers and flashlight tools, used fake reviews and misleading ads to attract users. Upon installation, they would download a malicious payload, including the Anatsa banking trojan, which overlays fake login screens to steal user credentials. Additionally, the Joker malware was found in 25% of these apps, capable of taking screenshots, accessing device information, and signing users up for premium services without consent. Users are advised to limit app installations, scrutinize reviews, activate Google Play Protect, and consider antivirus applications for enhanced security against malware.

AppWizard

August 25, 2025

Malicious Android apps with 19M installs removed from Google Play

Zscaler's ThreatLabs team discovered 77 malicious Android applications on Google Play that collectively garnered over 19 million downloads. The Anatsa (Tea Bot) banking trojan was identified as the main threat, evolving to target 831 banking and cryptocurrency apps. More than 66% of the malicious apps contained adware, while nearly 25% were infected with Joker malware, which can perform intrusive actions like sending texts and accessing sensitive information. A variant of Joker, named Harly, disguises itself within legitimate applications. Anatsa employs various evasion tactics, including using a decoy app to download its payload post-installation and altering package names to complicate detection. Following the findings, Google removed the identified malicious apps from the Play Store, and users are advised to ensure their Play Protect service is active and to take precautions if infected.

AppWizard

August 24, 2025

Free PC Game Downloads with WiFi4Games and the Best Alternative Platforms

WiFi4Games is a platform for downloading and playing PC games, designed for ease of use. To download games, users must visit the WiFi4Games website, sign up for a free account, search for a game, download the WiFi4Games client, and follow the installation process. The platform offers a selection of free multiplayer games, including Battle Royale titles, online racing and sports games, strategy-based multiplayer games, and arcade adventures. For installation, users need to download the WiFi4Games launcher, log in, choose a game, and select a directory for installation. Proper server setup is recommended for both Android and PC users to enhance download speeds. Alternatives to WiFi4Games include Origin, Ubisoft Connect, Microsoft Store & Xbox Game Pass, and Battle.net. To ensure safety, users should download only from the official site, use antivirus software, review game ratings, and keep the client updated. Common errors during downloads can be addressed by restarting the client, reinstalling the launcher, clearing cache, and verifying system compatibility.

Winsage

August 23, 2025

Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection

A new method allows attackers to extract Windows secrets and credentials without being detected by most Endpoint Detection and Response (EDR) solutions. This technique enables individuals with access to a Windows machine to gather credentials for lateral movement within a network. The Local Security Authority (LSA) manages sensitive information through two in-memory databases: the SAM database, which stores user credentials, and the Security database, which holds LSA secrets. Access to these databases requires interaction with the SAM and SECURITY registry hives, protected by Discretionary Access Control Lists (DACLs) that limit access to SYSTEM privileges. Attackers typically face detection when accessing the lsass.exe process memory, as EDR solutions monitor high-risk activities. Researcher Sud0Ru has introduced a method that bypasses these defenses by using the undocumented API NtOpenKeyEx with the REGOPTIONBACKUPRESTORE flag, allowing attackers to read the SAM and SECURITY hives without SYSTEM-level privileges. To avoid detection, attackers use the RegQueryMultipleValuesW API, which is less monitored by EDRs, to extract encrypted secrets from the hives. This approach allows the operation to occur entirely in memory, leaving no on-disk artifacts and evading typical security alerts.

AppWizard

August 22, 2025

Google’s Critical Tool Gets an App—Android Users Should Download It

Google Password Manager has launched a dedicated app for managing saved credentials, enhancing user accessibility without navigating complex settings. The app is compatible with the Pixel 10 lineup and offers a user-friendly interface with three main tabs: Passwords, Checkup, and Settings. It includes features like alerts for apps and websites supporting passkeys and maintains strong security with end-to-end encryption. The app is currently in the initial rollout phase and is available for both phones and tablets on Android.