cryptocurrency Archives

AppWizard

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

Cybersecurity researchers have identified a fraud operation named FEMITBOT that exploits Telegram’s Mini App feature to conduct various crypto scams, impersonate reputable brands, and distribute Android malware. This operation uses a unique string in API responses and employs Telegram bots with embedded Mini Apps to create convincing app-like experiences. The scams include fraudulent cryptocurrency platforms and financial services, with impersonation of brands like Apple, Coca-Cola, Disney, eBay, IBM, Moon Pay, NVIDIA, and YouKu. The operation utilizes a shared backend infrastructure, allowing multiple phishing domains to use the same API response. Users interacting with the bots are shown phishing pages within Telegram’s WebView, often featuring fake balances and urgency tactics to prompt deposits or referrals. Additionally, some Mini Apps attempt to distribute malware disguised as legitimate Android APKs. Users are advised to be cautious when engaging with Telegram bots related to cryptocurrency investments and to avoid sideloading APK files.

AppWizard

April 25, 2026

Android Hackers Target 800 Banking, Crypto and Social Media Apps With ‘Near-Zero Detection Rates’: Zimperium

Android hackers are targeting over 800 applications in banking, cryptocurrency, and social media sectors, utilizing four active malware families: RecruitRat, SaferRat, Astrinox, and Massiv. These malware employ advanced techniques to evade detection and execute credential theft, unauthorized financial transactions, and data exfiltration. Attackers lure victims through phishing websites, fraudulent job offers, fake software updates, text-message scams, and promotional lures. Once installed, the malware can request Accessibility permissions, obscure app icons, obstruct uninstallation, and steal sensitive information through counterfeit lock screens. They can also capture one-time passcodes, stream device screens, and overlay fake login pages on legitimate applications. The malware uses HTTPS and WebSocket communications to blend malicious traffic with normal activity and may incorporate encryption layers to avoid detection.

AppWizard

April 23, 2026

Binance’s Android app is quietly running TikTok and WeChat SDKs alongside 13 other trackers

Security researchers have found that the Binance Android app includes SDKs from ByteDance and Tencent, along with 13 additional third-party trackers. This raises privacy concerns for users, as the TikTok SDK collects device fingerprints, behavioral signals, and potentially clipboard data, while the WeChat SDK adds functionalities not necessary for a financial trading platform. The incorporation of these SDKs could expose sensitive financial information. Under EU GDPR and FTC regulations, undisclosed telemetry in financial apps may be considered deceptive trade practices, potentially leading to regulatory repercussions for Binance. Users are advised to revoke permissions from the app or switch to the browser-based platform. The situation could prompt regulatory scrutiny and audits of cryptocurrency asset management apps.

AppWizard

April 17, 2026

New RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Apps

Cybersecurity researchers from Zimperium zLabs have identified four families of Android malware—RecruitRat, SaferRat, Astrinox, and Massiv—targeting banking and cryptocurrency applications. These malware families can extract sensitive information from over 800 applications. They primarily use phishing and smishing to lure users into downloading malicious software. Phishing involves creating fake websites resembling legitimate login pages, while smishing uses urgent text messages with links to download harmful payloads. RecruitRat targets job seekers with fake employment websites, and SaferRat promises free access to premium video services. Astrinox mimics a business tool and has been linked to a fraudulent Apple App Store page, while Massiv's distribution methods remain unclear. Once installed, these malware applications initiate Overlay attacks, displaying counterfeit screens to capture user credentials. They also use a "blindfold" technique to obscure their activities by overlaying static images on the user's screen. The malware can intercept security codes, capture one-time passwords, and employ keylogging techniques. RecruitRat has a library of over 700 counterfeit login pages that activate with targeted apps. Researchers recommend avoiding links in urgent messages and downloading apps only from official sources.

Winsage

April 16, 2026

Fake Proton VPN sites are pushing NWHStealer malware to Windows users

A malware campaign is utilizing counterfeit Proton VPN websites and other deceptive tactics to distribute a Windows infostealer known as NWHStealer. This malware extracts sensitive information, including browser credentials and cryptocurrency wallet details, and operates stealthily by injecting itself into legitimate processes. Two primary infection vectors have been identified: malicious ZIP archives on a free web hosting platform and trojanized installers from fake Proton VPN sites. The malware employs DLL hijacking and can exfiltrate data to a command-and-control server while ensuring persistence through scheduled tasks and disguising payloads as legitimate system processes. It also exploits the Windows cmstp.exe utility to bypass User Account Control. Users are advised to avoid downloading software from unofficial sources and to verify file signatures and publisher information.

AppWizard

April 16, 2026

Binance Chat Enables Messaging and Crypto In One App

Binance has launched a new feature called Binance Chat within its app, which combines messaging, community interaction, and cryptocurrency transfers. Users can add contacts using unique chat IDs, engage in group discussions, and send crypto payments directly in conversations. The feature aims to streamline the user experience by consolidating communication and transactions into one platform. Users must accept contact requests to initiate conversations, enhancing security. Binance Chat is accessible immediately via the Binance app, although some features may be rolled out gradually and crypto transfer availability may vary by region.

Tech Optimizer

April 16, 2026

MiningDropper Android Malware Exploits Lumolight App

Researchers at Cyble Research and Intelligence Labs (CRIL) have discovered an Android malware framework called MiningDropper, which is being used in various campaigns to distribute malicious payloads such as cryptocurrency miners, infostealers, Remote Access Trojans (RATs), and banking malware. Over 1,500 MiningDropper samples were detected in one month, with many showing minimal antivirus detection. MiningDropper operates as a multi-stage delivery framework that employs techniques like XOR-based obfuscation and AES encryption to evade detection. A recent variant uses a trojanized version of the Lumolight application as the initial infection vector, often spread through phishing links and fraudulent websites. The malware executes a series of stages, starting with decrypting an embedded asset and loading additional payloads, including a counterfeit Google Play update interface to deceive users. Two main campaign clusters have been identified: an infostealer campaign targeting Indian users by impersonating trusted entities, and a global campaign distributing the BTMOB RAT, which enables credential theft and device takeover. The final payload capabilities include extracting sensitive data, enabling full device compromise, facilitating financial fraud, and unauthorized cryptocurrency mining. MiningDropper's modularity allows it to adapt and scale across various campaigns while maintaining low detection rates.

Tech Optimizer

April 15, 2026

Bitdefender Total Security

Bitdefender Total Security includes features such as a network security inspector, advanced ransomware defense, a hardened browser, and an active Do Not Track system. It offers a two-tier pricing model: an individual subscription for .99 per year for five licenses and a family subscription for .99 for 25 licenses, which includes parental controls. The software features an interface similar to Bitdefender Antivirus Plus, with user-configurable buttons for quick access to features. It boasts high scores from independent antivirus testing labs and excels in malware protection and antiphishing tests. Bitdefender includes a SecurePass password manager, firewall protection, spam filtering, webcam protection, and cryptomining protection. The parental control features allow parents to manage their children's online activities, but they may not be as effective as dedicated solutions. Bitdefender Total Security provides protection for macOS and Android, with high ratings for its performance on these platforms. The Android app includes malware scanning, web protection, and anti-theft features. The Bitdefender Central app allows users to manage their security settings from mobile devices.

AppWizard

April 15, 2026

Musk’s XChat Is Coming to App Store, Meta, Apple and Finance World Are Trembling

Elon Musk's XChat will launch on the App Store on April 17 as a standalone encrypted messaging application focused on privacy, featuring end-to-end encryption, no advertisements, and a no-tracking policy. Initially part of the X platform, XChat was developed to compete with messaging services like WhatsApp, Telegram, and Signal. The app allows global communication using X accounts without requiring phone numbers, offering cross-platform capabilities unlike iMessage. XChat utilizes a Rust-based architecture with advanced security features and plans to incorporate peer-to-peer transfers and cryptocurrency payments with X Money in 2026, potentially disrupting traditional payment systems. Additionally, it may leverage Grok AI to provide users with various lifestyle services, posing challenges to Google's advertising and search traffic.

AppWizard

April 13, 2026

Russia sees WeChat, Douyin as models for its homegrown Max messenger

Russia is developing the Max messaging application, inspired by Tencent's WeChat and Douyin, to compete with Telegram. The Kremlin is promoting Max as an alternative to Telegram, which has faced user resistance due to perceived limitations in functionality. Kiriyenko, CEO of VK, highlighted that Max will adopt an open platform model similar to WeChat, integrating third-party chatbots, and noted that 500,000 companies have already registered on the platform. The Russian government aims to establish a robust "platform economy" to boost economic growth, leveraging partnerships and innovative services. Kiriyenko also expressed interest in utilizing Douyin's e-commerce strategies involving short video content.