cryptocurrency wallet Archives

BetaBeacon

December 8, 2025

Running Blockchain Games: Android Requirements & Compatibility

Blockchain games use distributed ledgers to store assets and data, including progress tracking and digital economies. Blockchain technology and cryptocurrency integration have transformed digital entertainment, leading to the development of popular Web3 RPG titles like Axie Infinity. Games built on blockchain networks require devices with minimum requirements for Android version compatibility, CPU and GPU performance, RAM, storage, wallet integration, network connectivity, security, and battery life.

AppWizard

December 8, 2025

Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Cybersecurity researchers have identified two new families of Android malware, FvncBot and SeedSnatcher, as well as an upgraded version of ClayRat. FvncBot is designed to target mobile banking users in Poland, masquerading as a security application from mBank. It is built from scratch and includes features such as keylogging, web-inject attacks, screen streaming, and hidden virtual network computing (HVNC). It uses a crypting service called apk0day and communicates with a remote server at naleymilva.it.com. FvncBot requests accessibility permissions to operate with elevated privileges and can perform various malicious activities, including exfiltrating data and delivering overlays on targeted applications. SeedSnatcher is disguised as a cryptocurrency wallet app called Coin and is distributed via Telegram. It focuses on stealing cryptocurrency wallet seed phrases and can intercept SMS messages to capture two-factor authentication codes. It employs techniques like dynamic class loading and WebView content injection to evade detection and initially requests minimal permissions before escalating its access. The upgraded ClayRat malware now exploits accessibility services and default SMS permissions, allowing it to record keystrokes, capture screen content, and present deceptive overlays. It has been distributed through fraudulent phishing domains and dropper apps that impersonate legitimate services. The enhanced capabilities of ClayRat enable complete device takeovers and persistent overlays, making it a more significant threat than its previous version.

Tech Optimizer

November 1, 2025

maCERT Warns of Rapidly Spreading Spyware “Acreed”

maCERT, the Moroccan national cybersecurity agency, has issued an alert about a new spyware toolkit called Acreed, which emerged in February 2025. Acreed has become one of the most prevalent information stealers on the dark web, accounting for approximately 17% of underground cyber activity. Its primary function is to infiltrate computers and extract sensitive information, which is then sold or exploited by hackers. Acreed spreads through deceptive emails, infected advertisements, and pirated software downloads. It collects data such as usernames, passwords, browser information, cryptocurrency wallet details, and session tokens for cloud services. The data is transmitted to remote servers controlled by cybercriminals. The risks associated with Acreed affect both individuals and business networks. Recommendations to mitigate the threat include keeping antivirus software updated, monitoring for suspicious activity, avoiding unofficial software downloads, and being cautious with unsolicited emails. Users who suspect infection are encouraged to report it to maCERT for assistance.

AppWizard

October 28, 2025

Telegram Messenger Abused by Android Malware to Seize Full Device Control

Security researchers at Doctor Web have identified a sophisticated Android backdoor, named Android.Backdoor.Baohuo.1.origin, disguised as Telegram X, which has compromised over 58,000 devices globally, with around 20,000 active infections. The malware propagates through malicious websites posing as app catalogs and targets approximately 3,000 different models of devices. It features unprecedented control mechanisms via Redis database integration, allowing extensive manipulation of victims' accounts and devices, including hiding evidence of compromise and autonomously managing messaging functionalities. The malware extracts sensitive data, including SMS messages and clipboard contents, and uploads information to attacker servers every three minutes. Brazil and Indonesia are primary targets, with the malware available on third-party app stores under fraudulent identities.

AppWizard

October 26, 2025

Hackers Weaponizing Telegram Messenger with Dangerous Android Malware to Gain Full System Control

A sophisticated backdoor known as Android.Backdoor.Baohuo.1.origin has been identified in malicious versions of the Telegram X messenger, granting attackers comprehensive control over victims’ accounts. This malware has compromised over 58,000 devices across approximately 3,000 smartphone models and other Android-based systems, primarily targeting users in Brazil and Indonesia. It spreads through misleading advertisements and third-party app stores, often masquerading as legitimate applications. The malware can exfiltrate sensitive information, manage user interactions, and manipulate messenger functionality without detection. It utilizes a Redis database for command-and-control operations, representing a novel approach in Android malware. The backdoor monitors clipboard contents and collects device information, sending data to attackers every three minutes while disguising its activities.

AppWizard

October 24, 2025

Baohuo Android Malware Hijacks Telegram Accounts via Fake Telegram X

A new Android malware, identified as Android.Backdoor.Baohuo.1.origin, is disguised as counterfeit versions of the messaging app Telegram X. It has been labeled as one of the most sophisticated Android backdoors this year. The malware is distributed through online advertisements promising enhanced features and connects to remote servers to grant attackers full control over the user’s Telegram account. It can conceal unauthorized logins, erase chat traces, and manipulate app behavior in real-time using the Xposed framework. Over 58,000 devices have been infected, primarily in India, Brazil, and Indonesia. Baohuo communicates directly with a Redis database for command-and-control, allowing seamless operation even if primary servers are down. It can intercept clipboard data and perform regular check-ins on user activity. The malware has been found in third-party app stores, falsely attributed to Telegram’s developer. Users are advised to download Telegram only from official sources.

Tech Optimizer

October 21, 2025

Luma Infostealer Malware Launches Attacks to Steal Browser Cookies, Cryptocurrency, and Remote Access Accounts

Lumma Infostealer is a sophisticated information-stealing malware that targets high-value credentials and sensitive assets on Windows systems. It is distributed through a Malware-as-a-Service (MaaS) model, allowing inexperienced attackers to conduct data theft campaigns. Lumma is primarily deployed via phishing campaigns disguised as cracked or pirated software, often hosted on legitimate platforms like MEGA Cloud. Upon execution, Lumma uses a multi-stage decryption process and process injection techniques to activate its payload while evading detection. The latest samples utilize the Nullsoft Scriptable Install System (NSIS) as a deceptive installer, extracting malicious payloads into the %Temp% directory and launching a counterfeit document that triggers a sequence of commands to deploy Lumma’s core. Once activated, Lumma communicates with command-and-control servers (including rhussois[.]su, diadtuky[.]su, and todoexy[.]su) to gather stored browser credentials, session cookies, Telegram data, remote access configuration files, and cryptocurrency wallet information, which is then exfiltrated for exploitation. The malware avoids detection by checking for security solutions and has a modular architecture that complicates signature-based detection. Effective detection requires behavior-based Endpoint Detection and Response (EDR) systems that monitor real-time activities. To mitigate exposure, security professionals recommend avoiding storing credentials in browsers, enforcing multi-factor authentication (MFA), and monitoring suspicious processes. Indicators of Compromise (IoC) include: - E6252824BE8FF46E9A56993EEECE0DE6 - E1726693C85E59F14548658A0D82C7E8 - 19259D9575D229B0412077753C6EF9E7 - 2832B640E80731D229C8068A2F0BCC39 Command-and-control domains include: - diadtuky[.]su - rhussois[.]su - todoexy[.]su

Tech Optimizer

October 20, 2025

TikTok Videos Spread ClickFix Malware, Stealing User Credentials

Cybercriminals are increasingly using TikTok to spread malware through seemingly harmless videos that promise free software activations for applications like Windows, Spotify, or Netflix. These videos employ a technique called ClickFix, which tricks users into executing harmful PowerShell commands that install infostealers, compromising sensitive information such as login credentials and financial data. The malware can self-compile on the victim's device, making it harder to detect. Reports indicate a shift in these tactics from platforms like YouTube and Meta to TikTok, with over 30,000 websites compromised in related DNS malware campaigns. Artificial intelligence is also being used to create deceptive videos that resemble legitimate content, complicating the identification of malicious material. Android users face similar threats from apps impersonating popular services, such as WhatsApp or TikTok. Experts recommend enabling two-factor authentication, using reputable antivirus software, avoiding unverified commands, and adjusting privacy settings on TikTok to mitigate these risks.

Tech Optimizer

October 7, 2025

New Fully Undetectable FUD Android RAT Discovered and Publicly Released for Download on GitHub

A new Android Remote Access Trojan (RAT) has appeared on GitHub, described as fully undetectable and capable of bypassing advanced permission and background process restrictions in customized Chinese ROMs like MIUI and EMUI. This malware utilizes a multi-layer dropper to integrate its payload within legitimate applications, allowing it to overcome autostart restrictions and battery optimization features. Upon installation, it escalates privileges to gain comprehensive access to the device, using AES-128-CBC encryption for command-and-control communication to evade detection. The RAT can record and delete call logs, intercept voice calls, manipulate SMS messages, and capture keystrokes through a keylogger. It also has capabilities for live screen captures, camera access, audio and video recording, and clipboard hijacking. Additionally, it can encrypt files and lock the device, demanding a ransom for access. The malware employs social engineering tactics, such as spoofed notifications and phishing prompts, to facilitate credential theft. Its persistence mechanisms allow it to operate with minimal resource usage, making detection difficult. The attacker interface is web-based, enabling control from any standard browser without specialized infrastructure. The public release of this RAT raises concerns about the misuse of open-source repositories for distributing malicious tools, prompting calls for stricter oversight on platforms like GitHub.

Tech Optimizer

September 15, 2025

HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks

Chinese-speaking users are experiencing a sophisticated SEO poisoning campaign that uses counterfeit software sites to spread malware. Researchers from Fortinet FortiGuard Labs discovered this activity in August 2025, which involves manipulating search rankings to redirect users to fraudulent sites that deliver malware through trojanized installers. The malware families identified include HiddenGh0st and Winos, both variants of the Gh0st RAT, linked to a cybercrime group known as Silver Fox. The attack mechanism involves a script named nice.js that orchestrates the malware delivery process, leading to the installation of a malicious DLL, "EnumW.dll," which performs anti-analysis checks and extracts another DLL, "vstdlib.dll." This second DLL inflates memory usage to evade detection and is responsible for launching the main payload. The malware aims to sideload a DLL, "AIDE.dll," which establishes a Command-and-Control (C2) communication, collects victim data, and monitors user activity. Additionally, a separate campaign targeting Chinese-speaking users has been flagged by Zscaler ThreatLabz, featuring a new malware called kkRAT. This malware shares code similarities with Gh0st RAT and employs fake installer pages to deliver multiple trojans. It uses techniques to bypass security software and targets specific antivirus programs, including 360 Total Security and Kingsoft Internet Security. The installer launches shellcode that retrieves additional malicious payloads, including kkRAT, which can perform various data-gathering tasks and manipulate clipboard data to replace cryptocurrency addresses.