cryptocurrency Archives

AppWizard

May 21, 2026

This Free Steam Game Tricks Players Into Downloading Malware, Users Beware

Steam users are warned about the risks of downloading free games, particularly a compromised title called Beyond The Dark, which was a clone of the horror game Phasmophobia. This game contained malware named UnityPlayer.dll that activated upon launch, targeting saved passwords and cryptocurrency extensions in browsers. Users experienced instability and crashes while the malware operated in the background. It is recommended that those who downloaded the game delete associated files and perform a system scan, changing any potentially compromised passwords. Valve has removed Beyond The Dark from its storefront to prevent further downloads. Users are advised to scrutinize game descriptions, review feedback, and maintain reliable antivirus software to protect their personal information.

AppWizard

May 21, 2026

Binance’s Android app privacy fight is back in the spotlight

Binance is facing scrutiny regarding the data collection practices of its Android app, which some users believe functions more as a data collection tool than a trading platform. Concerns have been raised about the app's extensive permissions and tracking capabilities, with a report indicating the presence of numerous tracking components, including SDKs from TikTok and WeChat, and over 50 system permissions. Binance's privacy portal states that data is collected for account management, security, marketing, fraud prevention, and legal compliance. Despite this, there are questions about whether the data collection practices are proportionate to the app's intended functions. Binance has a history of legal issues, including a guilty plea in November 2023 that resulted in a .32 billion penalty for anti-money laundering violations. The exchange claims to tailor its privacy framework to regional regulations, but user concerns about the app's tracking capabilities persist. As of early 2026, Binance has over 300 million registered users, making any privacy-related disputes potentially impactful. The ongoing scrutiny may lead to gradual adjustments in Binance's practices rather than a complete overhaul.

AppWizard

May 20, 2026

Google’s AI Studio enables rapid Android app creation in minutes

Google has introduced enhanced web-based AI tools in its AI Studio platform, allowing users to generate complete native Android applications from natural-language prompts. This process enables individuals without programming skills to create installable APKs in minutes. The Build mode accepts plain-English descriptions to construct comprehensive native Android projects, which can then be customized in Android Studio. The tools support integration with third-party APIs and Web3 SDKs, allowing AI-generated apps to interact with blockchain functionalities. This development offers opportunities for the cryptocurrency sector, enabling decentralized finance protocols or wallet providers to create lightweight companion apps without extensive engineering teams. The integration with the Android ecosystem positions Google to reshape competitive dynamics in mobile app development. However, there are security concerns regarding the AI-generated code, particularly related to vulnerabilities in rapidly generated mobile apps that interact with smart contracts.

Winsage

May 20, 2026

MSHTA abuse helps malware hide in Windows processes

Bitdefender's research highlights the use of Microsoft's MSHTA utility in malware attacks, noting its default activation in Windows systems. Cybercriminals exploit MSHTA to execute malicious scripts under the guise of legitimate processes, linking it to various malware families like LummaStealer and PurpleFox. The study reports a rise in MSHTA-related detections, indicating a shift towards "living-off-the-land" tactics that utilize legitimate tools to evade security alerts. Social engineering is identified as a common entry point for attacks, employing deceptive methods such as fake software downloads and phishing links. MSHTA can retrieve and execute additional payloads through multi-stage chains, complicating detection efforts. The attacks target sensitive information, including credentials and financial data, and the continued presence of MSHTA poses risks as it allows threat actors to conceal malicious actions. To mitigate these threats, organizations are advised to restrict or disable legacy scripting tools and exercise caution with untrusted downloads. The report emphasizes the challenge of detecting unusual behaviors associated with legitimate utilities in the context of cyber threats.

AppWizard

May 19, 2026

Steam Game Sparks Controversy for Planting Malware on Users’ PCs

'Beyond the Dark' is an indie game released for free on Steam on December 29, 2024, which was identified as an 'asset flip' by tech YouTuber Eric Parker. The game was found to contain malware hidden in a DLL file that targets users' cryptocurrency wallet information and Roblox account credentials. This incident follows a similar case in September 2025 involving a game called 'Blockbusters,' which also distributed malware. Following the exposé, Valve removed 'Beyond the Dark' from its platform within a day.

AppWizard

May 19, 2026

“I thought it was a Steam game”… Malicious code found planted on users’ PCs

'Beyond the Dark' is an indie game released for free on Steam on December 29, 2024, which was misrepresented as a turn-based strategy game despite displaying characteristics of a first-person horror game. Tech YouTuber Eric Parker identified it as an 'asset flip' and revealed that it distributed malware designed to steal cryptocurrency wallet information and Roblox account credentials. The malware was embedded in a DLL file activated upon the game's execution. Following Parker's findings, Valve removed the game from its platform within a day. The gaming community has seen similar incidents, such as the 'Blockbusters' game in September 2025, which was involved in a malware scheme that stole cryptocurrency. Security experts advise caution when installing free games that appear hastily produced.

AppWizard

May 12, 2026

This devious Android malware has returned disguised as TikTok or streaming apps — and is now using blockchain to remain undetected

Researchers at ThreatFabric have identified a new variant of the TrickMo banking trojan, named TrickMo.C, targeting Android users in Europe since January 2026. TrickMo.C disguises itself as popular applications like TikTok and streaming services, using tactics such as phishing overlays to harvest login credentials and sensitive information. It can log keystrokes, record screens, livestream content, intercept SMS messages, suppress OTP notifications, modify the clipboard, filter notifications, and capture screenshots. The primary targets are in France, Italy, and Austria, allowing unauthorized access to bank accounts and cryptocurrency wallets. TrickMo.C distinguishes itself by using the TON network for communication, which enhances anonymity and complicates detection efforts.

AppWizard

May 5, 2026

FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware

A fraud network called FEMITBOT has emerged, using Telegram's Mini App feature to conduct investment scams and distribute malware. Identified by the research firm CTM360, the network operates through API responses and presents itself as organized. The scams involve Telegram Mini Apps that display phishing pages, fake dashboards showing fictitious earnings, and urgency tactics to pressure users into making quick decisions. FEMITBOT mimics well-known brands like Apple and Coca-Cola to enhance credibility and disseminates Android malware disguised as legitimate applications. The operation is highly organized, utilizing marketing tools to optimize their scams. Users are warned to be cautious of bots requesting deposits before granting access to funds.

AppWizard

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

Cybersecurity researchers have identified a fraud operation named FEMITBOT that exploits Telegram’s Mini App feature to conduct various crypto scams, impersonate reputable brands, and distribute Android malware. This operation uses a unique string in API responses and employs Telegram bots with embedded Mini Apps to create convincing app-like experiences. The scams include fraudulent cryptocurrency platforms and financial services, with impersonation of brands like Apple, Coca-Cola, Disney, eBay, IBM, Moon Pay, NVIDIA, and YouKu. The operation utilizes a shared backend infrastructure, allowing multiple phishing domains to use the same API response. Users interacting with the bots are shown phishing pages within Telegram’s WebView, often featuring fake balances and urgency tactics to prompt deposits or referrals. Additionally, some Mini Apps attempt to distribute malware disguised as legitimate Android APKs. Users are advised to be cautious when engaging with Telegram bots related to cryptocurrency investments and to avoid sideloading APK files.

AppWizard

April 25, 2026

Android Hackers Target 800 Banking, Crypto and Social Media Apps With ‘Near-Zero Detection Rates’: Zimperium

Android hackers are targeting over 800 applications in banking, cryptocurrency, and social media sectors, utilizing four active malware families: RecruitRat, SaferRat, Astrinox, and Massiv. These malware employ advanced techniques to evade detection and execute credential theft, unauthorized financial transactions, and data exfiltration. Attackers lure victims through phishing websites, fraudulent job offers, fake software updates, text-message scams, and promotional lures. Once installed, the malware can request Accessibility permissions, obscure app icons, obstruct uninstallation, and steal sensitive information through counterfeit lock screens. They can also capture one-time passcodes, stream device screens, and overlay fake login pages on legitimate applications. The malware uses HTTPS and WebSocket communications to blend malicious traffic with normal activity and may incorporate encryption layers to avoid detection.