cybercrime Archives

AppWizard

November 21, 2025

SRS #255 Ryan Montgomery – Roblox & Minecraft: Hacker Exposes the Larg

Ryan Montgomery is a leading ethical hacker and penetration tester, ranked #1 on TryHackMe's Capture The Flag leaderboard. He is the founder of Pentester, a cybersecurity platform in Boca Raton, Florida, providing tools for vulnerability scanning, data breach detection, and risk mitigation. As Chief Technology Officer of the Sentinel Foundation, he collaborates with law enforcement to combat child exploitation and human trafficking, often infiltrating dark web sites to expose predators. Montgomery has over 19 years of experience in cybersecurity, focusing on ethical hacking, data protection, and online safety. His work aims to protect vulnerable populations and dismantle predatory networks.

Tech Optimizer

November 20, 2025

5 Black Friday security software deals you can’t afford to miss: quality savings on all your security essentials

Consumers can find significant savings on security software during Black Friday, with discounts of 50% or more. Notable offers include: - Bitdefender's annual subscription for £19.99 in the UK, providing comprehensive security against cyber threats. - NordPass password manager for £0.95 per month for UK customers, enhancing password management and security. - Incogni's data removal service for £9.90 per month in the UK, helping users remove personal data from online databases. - Parental control solutions for monitoring children's online activities. - Proton Mail's secure email service for £2.04 per month for UK users, focusing on privacy and security. Additionally, there are offers on cloud storage solutions for data backup and accessibility.

Tech Optimizer

November 20, 2025

Why Your Apple Device Isn’t as Invincible as You Think

Many Apple users believe that their devices are nearly impervious to malware and cyber threats, but this is a misconception. While macOS has built-in protections like Gatekeeper and XProtect, no system is completely foolproof. Cybercriminals are increasingly targeting Macs, and users can fall victim to phishing schemes, ransomware, and other malware. Antivirus software for Mac provides an additional layer of defense, detecting malware and blocking phishing attempts. It can also protect sensitive information and offer features like secure browsing and Wi-Fi protection. Regular software updates and cautious behavior are essential for security, but relying solely on these measures is risky. Integrating antivirus into security routines is a practical step to minimize risks.

Tech Optimizer

November 14, 2025

Beware of Fake Bitcoin Tool That Hides DarkComet RAT Malware With it

A recent malware campaign has seen attackers disguising the DarkComet remote access trojan as Bitcoin-related applications to target cryptocurrency users. DarkComet RAT allows attackers to gain extensive control over compromised systems, despite its original creator discontinuing it years ago. The malware features capabilities such as keystroke logging, file theft, webcam surveillance, and remote desktop control, posing significant risks to users. The malicious file was distributed as a compressed RAR archive named “94k BTC wallet.exe,” which helps evade email filters. Security analysts at Point Wild discovered that the malware ensures persistence by copying itself to %AppData%RoamingMSDCSCexplorer.exe and creating a registry key for automatic execution at system startup. It attempts to connect to a command-and-control server at kvejo991.ddns.net over TCP port 1604. The malware injects its payload into legitimate Windows processes to perform keylogging and screen capture while remaining undetected. Captured keystrokes are stored in log files and exfiltrated through the command-and-control channel. Users are advised to avoid downloading cryptocurrency tools from untrusted sources and to keep security software updated.

Tech Optimizer

November 6, 2025

DragonForce Cartel Emerges Following Conti v3 Ransomware Source Code Leak

Acronis Threat Research Unit (TRU) analyzed the DragonForce ransomware cartel, which emerged in 2023 as a Ransomware-as-a-Service (RaaS) operation and transitioned to a cartel model. DragonForce utilizes leaked Conti v3 code and has similarities with LockBit Green in encryption and backend configurations. By early 2025, it rebranded as the “DragonForce Ransomware Cartel,” offering affiliates 80 percent profit shares and infrastructure support. The cartel has over 200 victims from various sectors since late 2023 and is known for its attack on Marks & Spencer, collaborating with Scattered Spider. DragonForce employs bring-your-own-vulnerable-driver (BYOVD) techniques to evade endpoint protection and has improved its encryption methods. The group has spawned offshoots like Devman and Mamona, which utilize its enhanced encryptor.

Tech Optimizer

November 4, 2025

3,000+ YouTube videos deliver malware disguised as free software

YouTube has been identified as a platform for a sophisticated malware distribution network known as the Ghost Network, which has been active since 2021 and surged in activity in 2025. This network uses over 3,000 videos disguised as software cracks and game hacks to spread information-stealing malware, targeting users searching for free software or cheat tools. Cybercriminals utilize compromised accounts and social engineering tactics to create a false sense of security, with videos featuring positive comments from fake accounts. The malware includes programs like Lumma Stealer, Rhadamanthys, StealC, and RedLine, which harvest sensitive information. Two significant campaigns were highlighted: one involved the Rhadamanthys infostealer through a channel with nearly 10,000 subscribers, and the other offered cracked software via a channel with around 129,000 subscribers, with one video gaining over 291,000 views. Users are advised to avoid cracked software, use strong antivirus protection, never disable antivirus software, be cautious with links, use password managers and two-factor authentication, keep systems updated, and utilize trusted data removal services to protect against these threats.

BetaBeacon

November 3, 2025

Google Declares Android as the Most Secure Mobile OS: A Game Changer in Mobile Cybersecurity

Android devices benefit from a robust, AI-powered security infrastructure that actively defends against billions of cyber threats each week.

Winsage

October 31, 2025

Windows zero-day actively exploited to spy on European diplomats

A China-linked hacking group, identified as UNC6384 or Mustang Panda, is exploiting a Windows zero-day vulnerability (CVE-2025-9491) to target European diplomats, particularly in Hungary, Belgium, Serbia, Italy, and the Netherlands. The attacks are initiated through spearphishing emails that disguise malicious LNK files as legitimate invitations to NATO and European Commission events. Once activated, these files allow the deployment of the PlugX remote access trojan (RAT), enabling persistent access to compromised systems for surveillance and data extraction. The vulnerability requires user interaction to exploit and resides in the handling of .LNK files, allowing attackers to execute arbitrary code remotely. As of March 2025, the vulnerability is being exploited by multiple state-sponsored groups and cybercrime organizations, but Microsoft has not yet released a patch for it. Network defenders are advised to restrict the use of .LNK files and block connections from identified command-and-control infrastructure.

AppWizard

October 30, 2025

NFC Relay Attack: 700+ Android Apps Harvest Banking Login Details

Researchers at zLabs have identified over 760 malicious Android applications that exploit Near Field Communication (NFC) technology to steal banking credentials and facilitate fraudulent transactions. This cybercrime campaign has expanded from isolated incidents in April 2024 to a widespread operation targeting financial institutions in countries including Russia, Poland, the Czech Republic, Slovakia, and Brazil. The malware utilizes social engineering tactics by impersonating around 20 legitimate banking institutions and government services, such as VTB Bank, Tinkoff Bank, and the Central Bank of Russia. The malware ecosystem is supported by over 70 command-and-control servers and private Telegram channels for data exfiltration. Attackers deceive victims into granting dangerous NFC permissions, allowing the malware to intercept payment data during contactless transactions. Some campaigns use paired applications for data extraction and fraudulent purchases, while others focus solely on data exfiltration. The malware maintains communication with its command-and-control infrastructure, enabling real-time relay attacks to conduct transactions using victims' payment credentials. The rapid spread of this NFC-based payment malware highlights the adaptability of cybercriminals as contactless payment technologies become more common. Financial institutions are urged to enhance fraud detection systems, mobile device manufacturers should tighten NFC permission controls, and users are advised to be cautious when granting NFC access to applications.

Tech Optimizer

October 21, 2025

Luma Infostealer Malware Launches Attacks to Steal Browser Cookies, Cryptocurrency, and Remote Access Accounts

Lumma Infostealer is a sophisticated information-stealing malware that targets high-value credentials and sensitive assets on Windows systems. It is distributed through a Malware-as-a-Service (MaaS) model, allowing inexperienced attackers to conduct data theft campaigns. Lumma is primarily deployed via phishing campaigns disguised as cracked or pirated software, often hosted on legitimate platforms like MEGA Cloud. Upon execution, Lumma uses a multi-stage decryption process and process injection techniques to activate its payload while evading detection. The latest samples utilize the Nullsoft Scriptable Install System (NSIS) as a deceptive installer, extracting malicious payloads into the %Temp% directory and launching a counterfeit document that triggers a sequence of commands to deploy Lumma’s core. Once activated, Lumma communicates with command-and-control servers (including rhussois[.]su, diadtuky[.]su, and todoexy[.]su) to gather stored browser credentials, session cookies, Telegram data, remote access configuration files, and cryptocurrency wallet information, which is then exfiltrated for exploitation. The malware avoids detection by checking for security solutions and has a modular architecture that complicates signature-based detection. Effective detection requires behavior-based Endpoint Detection and Response (EDR) systems that monitor real-time activities. To mitigate exposure, security professionals recommend avoiding storing credentials in browsers, enforcing multi-factor authentication (MFA), and monitoring suspicious processes. Indicators of Compromise (IoC) include: - E6252824BE8FF46E9A56993EEECE0DE6 - E1726693C85E59F14548658A0D82C7E8 - 19259D9575D229B0412077753C6EF9E7 - 2832B640E80731D229C8068A2F0BCC39 Command-and-control domains include: - diadtuky[.]su - rhussois[.]su - todoexy[.]su