cybercriminals Archives

AppWizard

May 12, 2025

Beware: 2.5 Million Monthly Downloads of These Risky Android Apps Could Endanger Your Device!

The Kaleidoscope attack is an ad-fraud scheme targeting Android users by tricking them into downloading malicious versions of legitimate apps, primarily via third-party app stores. Approximately 2.5 million devices are infected each month, with notable occurrences in India, Indonesia, the Philippines, and Brazil. Users are advised to uninstall suspicious apps and avoid downloading from unverified sources to protect their devices.

AppWizard

May 11, 2025

Scrutinizing the security of messaging apps continues.

Customs and Border Protection (CBP) and the White House are facing scrutiny over security vulnerabilities in their messaging application. Hacktivists breached GlobalX, the airline handling U.S. deportation flights, exposing sensitive flight manifests. The FBI warned about threats exploiting outdated routers. Pearson confirmed a cyberattack compromising customer data. Research shows cybercriminals are using Windows Remote Management (WinRM) for lateral movements in Active Directory environments. A new email attack campaign is delivering a Remote Access Trojan (RAT) via malicious PDF invoices. A zero-day vulnerability in SAP NetWeaver allows remote code execution, affecting multiple sectors. An Indiana health system reported a data breach affecting nearly 263,000 individuals.

AppWizard

May 10, 2025

Beware! This Android ad scam is targeting 2.5M users monthly

A sophisticated ad fraud scheme called Kaleidoscope is affecting over 2.5 million Android devices each month, with India accounting for 20% of the total impacted devices. Other countries experiencing the effects include Brazil, Indonesia, and the Philippines. The scheme spreads through unofficial app stores and direct download links shared on social media and messaging platforms.

AppWizard

May 9, 2025

These dangerous Android apps are installed 2.5 million times each month

Kaleidoscope is an ad-fraud attack targeting Android users by exploiting legitimate applications on the Google Play Store and offering malicious duplicates through third-party app stores. Approximately 2.5 million devices are affected monthly, with 20% of incidents occurring in India, and other impacted regions include Indonesia, the Philippines, and Brazil. Users unknowingly download legitimate-looking apps while malicious versions circulate elsewhere, leading to intrusive advertisements that disrupt user experience and generate revenue for cybercriminals. Google has removed flagged titles from the Play Store and is enhancing protections, but ad resellers often fail to properly vet their inventory. The adware causes device overheating, rapid battery drain, and sluggish performance, highlighting the need for user vigilance.

AppWizard

May 9, 2025

You can now verify if your Mullvad VPN app is legit

Mullvad has introduced reproducible builds for its Android VPN application starting with version 2025.2, allowing users to confirm the legitimacy of the app before installation. Reproducible builds ensure that identical copies of the application can be recreated from the same source code, build environment, and instructions, providing assurance against unauthorized modifications. This decision follows a rise in malicious free VPN applications and malware distribution through counterfeit software. Currently, only the latest version of Mullvad's Android VPN app features this capability, with no confirmed plans for other platforms. Mullvad encourages technically skilled users to verify the builds and has provided instructions for the verification process.

Winsage

May 8, 2025

Ransomware hackers target a new Windows security flaw to hit businesses

Several ransomware groups, including RansomEXX and Play, are exploiting a zero-day vulnerability in the Windows Common Log File System to elevate system privileges and deploy malware. This flaw was identified and patched during Microsoft's Patch Tuesday update in April 2024.

AppWizard

May 7, 2025

Messaging app used by Mike Waltz suspends service after hacking

TeleMessage, a messaging application linked to former national security adviser Mike Waltz, has suspended its services following a reported hacking incident where sensitive files were accessed. The breach has raised serious concerns about the app's security protocols and could lead to a reevaluation of security measures across similar applications.

Winsage

May 4, 2025

Do Not Open This PDF On A Microsoft Windows PC

Microsoft has warned about the increasing use of PDF attachments in cyberattacks, particularly during the U.S. tax season. Attackers have been using PDFs with embedded links that redirect users to counterfeit pages, such as a fake DocuSign site. TrustWave SpiderLabs has identified a new campaign involving a fake payment SWIFT copy that leads to a malicious PDF containing obfuscated JavaScript, which downloads a script that conceals the RemcosRAT payload using steganography. This technique involves hiding links within images, making them difficult to detect. The latest attacks begin with phishing emails containing malicious PDFs that direct victims to harmful webpages, facilitating the delivery of RemcosRAT, a trojan that allows remote control of compromised systems. Users are advised to be cautious of emails labeled “SWIFT Copy” and to delete suspicious emails immediately.

Winsage

May 2, 2025

Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins

The tech community is celebrating the first "World Passkey Day," moving away from "World Password Day," with Microsoft and other organizations committing to the Passkey Pledge to promote passkey adoption. Microsoft has developed passkeys as a secure authentication method, replacing traditional passwords and allowing access via facial recognition, fingerprints, or PINs. Over 99% of users now prefer Windows Hello for sign-ins, and hundreds of websites support passkeys, which are resistant to phishing. Last year, there were 7,000 password attacks every second, highlighting the urgency of this transition. Microsoft has introduced passkey support for consumer applications, achieving nearly a million registrations daily, with passkey sign-ins being three times more successful and eight times faster than traditional methods. New Microsoft accounts will be created without passwords by default, and the sign-in process will prioritize passwordless methods. Currently, over 15 billion user accounts can use passkeys, with a goal to transition billions more.

Winsage

May 1, 2025

Windows Warning — Microsoft Confirms Old Passwords Still Work To Login

Microsoft has confirmed that users can log into their Windows accounts using old passwords that have been changed and revoked under certain conditions. This behavior is classified as a feature rather than a security vulnerability. The issue arises from the Remote Desktop Protocol (RDP), which allows remote access to Windows machines. An independent security researcher discovered that after changing his password, he could still access his machine using the old credentials, even from new devices. Microsoft's documentation was updated to explain that credentials are verified against a local cached copy before network authentication, allowing continued access with the old password. Microsoft stated that this design ensures at least one user account can always log in, regardless of system offline status, and confirmed there are no plans to change this behavior.