cybercriminals Archives

AppWizard

March 22, 2026

Russian hackers hack messengers, Signal and WhatsApp under attack

Hackers with ties to Russian intelligence have intensified efforts against users of messaging platforms like Signal, infiltrating thousands of accounts, as reported by the FBI and CISA. The main targets include current and former U.S. government officials, military personnel, political figures, and journalists. The hackers used advanced techniques to bypass security, tricking users into revealing security codes through sophisticated phishing campaigns. Signal confirmed that their encryption and infrastructure remain secure despite these attacks. This rise in cyber threats is part of a broader trend involving increased activities from pro-Iranian and Russian hackers targeting the U.S. and its allies.

AppWizard

March 20, 2026

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google has introduced a new "advanced flow" for Android sideloading, which includes a mandatory 24-hour waiting period for users installing applications from unverified developers. This follows a developer verification mandate requiring all Android applications to be registered by verified developers to help identify malicious actors and reduce malware distribution. The new sideloading protocol aims to mitigate risks from cybercriminals who may deceive users into disabling Play Protect, Google's anti-malware feature. Over 50 app developers and marketplaces, including F-Droid and Brave, have expressed concerns about the registration requirements, arguing they could create barriers and raise privacy issues. Google has outlined a one-time process for sideloading apps, which includes enabling developer mode, confirming voluntary sideloading, restarting the device, waiting 24 hours, and using biometric authentication or a PIN to install apps. Google plans to introduce free "limited distribution accounts" for hobbyist developers and students to share apps with up to 20 devices without needing government-issued IDs or registration fees. This process will not apply to installations via the Android Debug Bridge (ADB) and is set to be available in August 2026, ahead of new developer verification requirements. This announcement comes as a new Android malware, Perseus, targets users in Turkey and Italy, with at least 17 distinct Android malware families identified in the past four months.

Tech Optimizer

March 19, 2026

ClickFix Lures Power LeakNet’s Growing Ransomware Attack Chain

The ransomware group LeakNet has evolved its tactics, increasing its average targets from three per month and shifting from purchasing stolen network access to launching its own campaigns. They now use deceptive error screens and a new tool that executes malicious code in a computer's memory. Their strategy includes ClickFix lures, which compromise legitimate websites to display fake security checks, tricking users into executing malicious commands. This method broadens their victim reach and reduces costs. The Deno loader, part of this strategy, collects machine information and retrieves additional malicious code without leaving standard files, making detection difficult. After infiltrating a network, LeakNet checks for active user credentials and uses PsExec for lateral movement, employing Amazon S3 buckets for payload staging and data exfiltration. Defenders are advised to monitor for suspicious behavior rather than just known malicious files, focusing on unusual web commands and unexpected cloud storage connections.

AppWizard

March 19, 2026

RUSSIA Mammut virus hits Russia’s patriotic messaging app

A virus known as Mamont is targeting users of the messaging platform Max, which has 100 million registered profiles. Mamont infiltrates online banking applications and spreads primarily through family and parental chat groups, allowing cybercriminals to steal payment information. The virus often begins with a deceptive message prompting users to click, leading to the silent download of a Trojan that siphons off data. Despite claims from the Max press service that the virus's spread is exaggerated, concerns remain about the security of user data, particularly given that all communications on Max are monitored by the state. Many users resort to using a second device, referred to as Maxofon, to comply with the platform's requirements while keeping their primary device for other applications.

Tech Optimizer

March 16, 2026

What Is a Crypto Miner Virus?

A crypto miner virus, or cryptojacking malware, secretly uses a device’s CPU or GPU to mine cryptocurrency for an attacker, leading to increased electricity costs and potential hardware damage for the victim. It typically infects devices through phishing emails, pirated software, compromised websites, and malicious browser extensions. Monero is the preferred cryptocurrency for mining due to its efficiency on standard CPUs and privacy features. Signs of infection include overheating, high CPU usage, and increased electricity bills. Detection involves monitoring system performance and running antivirus scans. Prevention includes using antivirus software, keeping systems updated, and avoiding pirated software. Notable incidents include attacks on a European water utility and the Los Angeles Times website.

AppWizard

March 13, 2026

The FBI is looking for victimized Steam users who downloaded games with hidden malware — Investigation underway into multiple infected titles from 2024 to 2026

The FBI is investigating malware-infested games on Steam that may have affected players between 2024 and 2026. Affected individuals are encouraged to come forward confidentially. Notable games under scrutiny include Chemia, Dashverse / DashFPS, Lampy, Lunara, PirateFi, Tokenova, and BlockBasters, the latter of which reportedly siphoned off ,000 in cancer donations from a streamer. Cybercriminals exploit players logged into multiple platforms, compromising their online presence and Steam libraries. Valve is working to combat these threats, but the volume of new releases can overwhelm their vetting system. The FBI urges reporting relevant information to assist in prosecuting offenders. Affected individuals can fill out a form on the FBI's website or email Steam_Malware@fbi.gov to report incidents.

AppWizard

March 13, 2026

FBI Investigating After Malware Found Lurking in Steam PC Games

The FBI is investigating malware hidden in several video games on the Steam platform, targeting users from May 2024 to January 2026. The investigation includes games like BlockBlasters, Chemia, Dashverse, DashFPS, Lampy, Lunara, PirateFi, and Tokenova, with some previously removed from Steam for malicious content. Steam had over 132 million monthly active users and more than 117,000 games in 2025. The FBI is reaching out to affected gamers, ensuring victim confidentiality and potential eligibility for services under federal and state law. This incident is part of a broader trend of malware targeting gamers, with previous cases involving fan games and cheat software affecting millions of accounts.

AppWizard

March 11, 2026

Russian Hackers ‘Targeting Messaging Apps,’ Dutch Spies Say

Russian hackers are targeting messaging applications used by Dutch officials, including WhatsApp and Signal, as part of a global cyber campaign. They aim to infiltrate conversations of high-ranking officials, military personnel, and civil servants. Hackers are using tactics such as impersonating the Signal Support chatbot to obtain security credentials and exploiting the "linked devices" feature to access messages. The AIVD warns that this could lead to significant privacy and security breaches. Peter Reesink, director of military intelligence, cautions against using these apps for sensitive communications, echoing a Pentagon memo advising against the use of Signal due to threats from Russian hackers.

Winsage

March 1, 2026

Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery

Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.

Tech Optimizer

February 25, 2026

Effective ways to prevent the download of malicious code

Malware is malicious software designed to disrupt normal system operations, often infiltrating devices through activities like web browsing or opening documents. In 2023, SonicWall Capture Labs reported over 6 billion malware attacks, an 11% increase from the previous year. Common types of malware include viruses, worms, Trojans, spyware, adware, ransomware, fileless malware, and bots. Malware spreads through email attachments, phishing links, compromised websites, fake apps, and removable media. Its effects can include performance issues, data theft, and financial damage. Signs of malware presence include sluggish performance, unexpected crashes, and unauthorized changes. Recommended actions if malware is suspected include disconnecting the device, running a malware scan, and changing passwords. Preventative measures include using security software, practicing safe browsing, keeping software updated, and building security awareness.