credentials Archives

Winsage

April 16, 2026

Fake Proton VPN sites are pushing NWHStealer malware to Windows users

A malware campaign is utilizing counterfeit Proton VPN websites and other deceptive tactics to distribute a Windows infostealer known as NWHStealer. This malware extracts sensitive information, including browser credentials and cryptocurrency wallet details, and operates stealthily by injecting itself into legitimate processes. Two primary infection vectors have been identified: malicious ZIP archives on a free web hosting platform and trojanized installers from fake Proton VPN sites. The malware employs DLL hijacking and can exfiltrate data to a command-and-control server while ensuring persistence through scheduled tasks and disguising payloads as legitimate system processes. It also exploits the Windows cmstp.exe utility to bypass User Account Control. Users are advised to avoid downloading software from unofficial sources and to verify file signatures and publisher information.

AppWizard

April 16, 2026

Google Play is changing how Android apps access your contacts and location

Google has updated its Google Play policies to enhance user privacy and protect businesses from fraud. Starting in October, developers will have access to Play policy insights in Android Studio to help comply with new features. On October 27, the Play Console will implement pre-review checks for contact and location permissions. The Android Contact Picker will be the standard for accessing contacts, requiring apps to use it or privacy-focused alternatives. Developers must update their apps to use the picker and submit a Play Developer Declaration for ongoing contact access. A new location button will be introduced for precise location requests, and apps must use it for one-time access. Developers should review their location data requests and include the onlyForLocationButton flag if targeting Android 17 and above. The Play Console will also introduce an official account transfer feature for ownership changes, effective May 27, with a mandatory 7-day security cool-down period for transfers. Unofficial transfers are prohibited.

Tech Optimizer

April 16, 2026

MiningDropper Android Malware Exploits Lumolight App

Researchers at Cyble Research and Intelligence Labs (CRIL) have discovered an Android malware framework called MiningDropper, which is being used in various campaigns to distribute malicious payloads such as cryptocurrency miners, infostealers, Remote Access Trojans (RATs), and banking malware. Over 1,500 MiningDropper samples were detected in one month, with many showing minimal antivirus detection. MiningDropper operates as a multi-stage delivery framework that employs techniques like XOR-based obfuscation and AES encryption to evade detection. A recent variant uses a trojanized version of the Lumolight application as the initial infection vector, often spread through phishing links and fraudulent websites. The malware executes a series of stages, starting with decrypting an embedded asset and loading additional payloads, including a counterfeit Google Play update interface to deceive users. Two main campaign clusters have been identified: an infostealer campaign targeting Indian users by impersonating trusted entities, and a global campaign distributing the BTMOB RAT, which enables credential theft and device takeover. The final payload capabilities include extracting sensitive data, enabling full device compromise, facilitating financial fraud, and unauthorized cryptocurrency mining. MiningDropper's modularity allows it to adapt and scale across various campaigns while maintaining low detection rates.

Tech Optimizer

April 15, 2026

Bitdefender Total Security

Bitdefender Total Security includes features such as a network security inspector, advanced ransomware defense, a hardened browser, and an active Do Not Track system. It offers a two-tier pricing model: an individual subscription for .99 per year for five licenses and a family subscription for .99 for 25 licenses, which includes parental controls. The software features an interface similar to Bitdefender Antivirus Plus, with user-configurable buttons for quick access to features. It boasts high scores from independent antivirus testing labs and excels in malware protection and antiphishing tests. Bitdefender includes a SecurePass password manager, firewall protection, spam filtering, webcam protection, and cryptomining protection. The parental control features allow parents to manage their children's online activities, but they may not be as effective as dedicated solutions. Bitdefender Total Security provides protection for macOS and Android, with high ratings for its performance on these platforms. The Android app includes malware scanning, web protection, and anti-theft features. The Bitdefender Central app allows users to manage their security settings from mobile devices.

Tech Optimizer

April 15, 2026

Avast Antivirus: Free Protection Faces Rising AI Threats in Cybersecurity Market

Avast Antivirus offers a robust free version with premium features, providing high-quality protection against cyber threats, including viruses, spyware, and ransomware. Key features include Smart Scan, Password Manager, and Network Inspector, which help users identify vulnerabilities and safeguard their data. Avast has a global user base of over 435 million and is particularly relevant in the U.S., where data breaches affect millions annually. The company operates under Gen Digital, which acquired Avast in 2022, leveraging a freemium model to attract users and upsell advanced features. Avast focuses on AI-driven threat detection and maintains a strong market position against competitors like Norton and McAfee. The global cybersecurity market has surpassed 0 billion, driven by increasing threats, and Avast counters these with machine learning capabilities. Risks for Avast include zero-day exploits, privacy concerns, and competition from built-in OS protections. Avast's cloud-based updates and multilingual support enhance its appeal, while its integration with smart home devices is planned for the future.

Tech Optimizer

April 15, 2026

Connecting .NET Lambda to Amazon Aurora PostgreSQL via RDS Proxy

Many organizations are modernizing legacy .NET applications while reducing database costs and enhancing scalability, particularly during migrations to AWS Lambda and transitions from SQL Server to Amazon Aurora PostgreSQL-Compatible Edition. The process involves connecting Lambda functions to Aurora PostgreSQL using Amazon RDS Proxy, with AWS Secrets Manager managing secure credential storage. The architecture includes a .NET Lambda function interfacing with Aurora PostgreSQL via RDS Proxy, which provides connection pooling to minimize database connection overhead. The solution requires a CloudFormation template to provision resources such as a VPC with private subnets, an Aurora PostgreSQL cluster, RDS Proxy, and Secrets Manager. The RDS Proxy is configured with parameters including PostgreSQL engine family, idle client connection timeout, and Secrets Manager secret. A Windows EC2 instance is provisioned, and access is facilitated through AWS Systems Manager Fleet Manager. The solution includes creating a sample table named "employee" in the database and a new .NET Lambda project that utilizes Npgsql for database connections. The Lambda function is deployed using the AWS CLI, and testing involves invoking the function and retrieving logs from Amazon CloudWatch. Finally, resources created during the process should be deleted to prevent ongoing charges.

Winsage

April 15, 2026

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new security measures for Windows 10 and Windows 11 to protect against phishing attacks that exploit Remote Desktop Protocol (RDP) connection files. These updates, part of the April 2026 cumulative updates (KB5082200, KB5083769, and KB5082052), include a one-time educational prompt for users upon first opening an RDP file, requiring acknowledgment of the associated risks. Subsequent attempts to open RDP files will display a security dialog with information about the file's publisher, the remote system address, and local resource redirections, with options disabled by default. If an RDP file is unsigned, a warning will indicate an "Unknown remote connection." These protections apply only to connections initiated through RDP files, not through the Windows Remote Desktop client, and can be temporarily disabled via the Windows Registry.

Winsage

April 15, 2026

Windows Update Warning: Fake Windows 11 24H2 Site Pushes Password-Stealing Malware

A sophisticated fake Windows update site has emerged, designed to mimic Microsoft’s branding to distribute malware, specifically targeting individuals seeking early access to Windows 11 version 24H2. The fraudulent site resembles a legitimate cumulative update download page, using familiar design elements to evade detection. The malware operates as an information-stealing entity, targeting saved passwords and browser sessions, potentially bypassing two-factor authentication. It transmits stolen credentials through encrypted channels to external servers. The installer uses legitimate packaging tools to minimize detection and employs obfuscated scripts within legitimate software components. The campaign modifies system startup entries and creates disguised shortcuts to maintain persistence. Researchers noted the use of a typosquatted domain and meticulously spoofed file properties. As of April 2026, Microsoft has not released Windows 11 version 24H2 to the public, and legitimate updates are only available through Windows Update. Users are advised to obtain updates exclusively through official channels and keep security features updated.

AppWizard

April 14, 2026

Mirax RAT Targets Android Devices Through Meta Apps

Mirax is a remote access Trojan (RAT) targeting Android devices in Spanish-speaking countries, identified by Outpost24's KrakenLabs in early March. It propagates fraudulent advertisements on Meta-owned applications, allowing cybercriminals to gain initial access. Mirax can interact with compromised devices in real time, converting them into residential proxy nodes through ads on platforms like Facebook and Instagram. It uses SOCKS5 protocol and Yamux multiplexing to establish proxy channels and uncover victims' IP addresses. The malware captures keystrokes, steals sensitive data, executes commands, and monitors user activity. It employs overlay pages to steal credentials and orchestrates distribution through Meta ads and GitHub for malicious APK files. Users are tricked into enabling installations from "unknown sources," and the malware disguises itself behind video playback features. Additionally, a threat actor has been offering Mirax as a malware-as-a-service (MaaS) on illicit forums, with subscription prices starting at ,500 for three months. This service is described as highly controlled and exclusive, primarily targeting Russian-speaking actors in underground communities.

Tech Optimizer

April 14, 2026

Fake Windows 11 24H2 Update Site Distributes Password-Stealing Malware

A recent discovery by Malwarebytes has identified a cyber threat involving a typosquatted domain that mimics official Microsoft support pages. This site uses authentic branding and KB-style reference numbers to deceive users into downloading what appears to be a legitimate cumulative update. The malware, once installed, operates stealthily, stealing passwords from browsers and active sessions, which allows attackers to bypass two-factor authentication. The stolen data is sent to external servers through encrypted channels. Initial scans showed zero detections by multiple antivirus engines due to the malware's obfuscated scripts. It also modifies system startup entries and creates disguised shortcuts for persistence. Microsoft has not yet released Windows 11 version 24H2 to general users, and updates should only be obtained through official channels to avoid potential threats.