cybercriminals Archives

Tech Optimizer

June 12, 2026

Fake verification pages are stealing Steam accounts from players

Online gamers are being warned about a scam targeting Steam accounts through counterfeit FACEIT verification pages that look authentic. These fraudulent sites feature official branding and functional links, tricking users into entering their passwords. The scam is particularly aimed at FACEIT players, as it exploits the connection between FACEIT and Steam, where players link their accounts. The scam starts with a website mimicking an official FACEIT page, claiming to offer free identity verification. Scammers use lookalike URLs, such as faceit-discord.com and faceit-clubs-verify.com, to deceive users. The site may display subtle errors, like conflicting copyright dates, and encourages users to click a “Sign in through Steam” button, which leads to a fake login window designed to steal user credentials. To protect against this scam, users should verify the website address, be cautious of blurry QR codes, treat urgent messages as suspicious, navigate directly to official sites, and consider using tools like Malwarebytes Browser Guard. If users have already entered their details, they should change their Steam password, enable Steam Guard, and check for unauthorized activity. The scam's effectiveness lies in its convincing presentation and the use of Browser-in-the-Browser attacks, which manipulate the perceived address bar.

AppWizard

June 12, 2026

Android users need to uninstall these apps ASAP as they are a security risk

Google will soon notify Android users when an app they installed has lost developer support. Currently, users only receive alerts from Play Protect for significant security threats or potentially harmful apps. The only way to discover if an app has been delisted is through external sources or by trying to install it on a new device. Recent findings in the Play Store indicate that Google is preparing to inform users when apps have been removed from the Play Store and will no longer receive updates. Abandoned apps pose significant security risks, as they may contain vulnerabilities that can be exploited by malicious actors. Google's new notifications aim to encourage users to uninstall unsupported apps to protect their personal data.

Tech Optimizer

June 9, 2026

Don’t get victimized by this updated version of the McAfee email scam

Cybercriminals are sending fraudulent McAfee renewal notices claiming users owe money for antivirus subscriptions they never purchased. These emails create a sense of urgency, warning that devices are unprotected or that charges will be processed automatically. The scams have become more sophisticated, using AI-generated emails and counterfeit invoices to appear credible. Although Microsoft is the most impersonated company, McAfee scams are on the rise, featuring messages about expiring or automatically renewed subscriptions costing hundreds of dollars. Victims are often misled into contacting scammers posing as customer-service agents, who may request sensitive information or control over their devices. McAfee advises customers to verify subscription status through their official website and not to respond to unsolicited emails. Warning signs of these scams include suspicious sender addresses, generic greetings, grammatical errors, unusually large charges, and urgent demands for action. The Federal Trade Commission warns consumers about tech-support and antivirus scams, urging them to report phishing emails and monitor accounts for unauthorized activity.

Tech Optimizer

June 4, 2026

How We Test Antivirus and Security Software

Most software applications clearly indicate their functionality, but the effectiveness of antivirus utilities is often less tangible. PCMag rigorously evaluates antivirus products through comprehensive tests that validate their claims, including real-world malware samples and various protective measures. Each antivirus tool is assessed based on its on-demand scanner and real-time monitor capabilities. PCMag compiles fresh malware samples annually, analyzing them to ensure they are suitable for testing. The testing process includes evaluating malware-blocking capabilities and web-level protection against known malware-hosting sites. Phishing site detection is also tested using recent URLs, and antispam testing has been simplified due to the effectiveness of email providers. Performance impact tests have been discontinued as modern security suites show improved efficiency. Firewall protection is evaluated through program control, exploit defenses, and overall resilience against malware. Parental control features are tested for effectiveness in content filtering and monitoring. Ransomware protection is assessed by releasing real-world samples in a controlled environment. PCMag monitors independent antivirus lab tests from various organizations, including AV-Test, AV-Comparatives, SE Labs, MRG-Effitas, and AVLab, to inform their reviews. An aggregate testing score is calculated to summarize lab results. Testing methodologies do not include VPN evaluations, which are covered separately.

AppWizard

June 4, 2026

Teens are using $5 WeedHack malware to target Minecraft players

A recent cybersecurity analysis from McAfee Labs has revealed a malware campaign involving WeedHack, which has garnered over 116,000 hits and is accumulating 2,000 to 3,000 malicious hits daily. WeedHack is marketed as malware-as-a-service (MaaS) and is accessible on the internet, allowing individuals with minimal technical skills to use it for harmful activities. A dedicated Telegram channel for WeedHack has over 850 members, many of whom are teenagers and young adults using the malware for cyberbullying. The malware spreads primarily through YouTube videos promoting Minecraft mods, which often conceal the WeedHack malware. Additionally, bad actors use SEO poisoning tactics to elevate fake websites posing as legitimate Minecraft clients. McAfee lists several legitimate clients targeted by WeedHack, including Meteor Client, Radium Client, and Wurst Client. For an additional fee, attackers can access premium features like webcam access, keylogging, and file management. McAfee advises players to be cautious when downloading mods and to seek help from trusted adults if approached by individuals claiming to have compromised their systems.

AppWizard

June 3, 2026

Fake Minecraft Mods Infect 116K Systems With WeedHack Malware

A malware campaign named WeedHack has impacted over 116,000 Minecraft players since its inception earlier this year, according to a report from McAfee. Cybercriminals are using SEO poisoning to exploit gamers searching for mods, particularly targeting those hosted on GitHub and creating deceptive web pages that mimic official mod sites. Notable affected projects include Meteor Client, Radium Client, Wurst Client, Aristois, LiquidBounce, and Impact Client. Attackers also produce polished YouTube videos to promote malware, with comments guiding viewers on installation and links to malicious sites. The malware operates in two tiers: a free tier that steals cookies and passwords, targets crypto wallets, captures screenshots, and extracts credentials, and a premium tier that offers advanced capabilities like webcam control and keylogging for a monthly fee. The accessibility of such malware is concerning, prompting Minecraft users to be cautious when searching for and installing mods.

AppWizard

June 3, 2026

Malware campaign targeting Minecraft users infects over 116,000 systems

A recent investigation by McAfee researchers has identified a Malware-as-a-Service (MaaS) operation called WeedHack, which targets Minecraft users. Since its launch in January 2026, WeedHack has compromised over 116,000 systems, with 2,000 to 3,000 new infections daily. The operation uses YouTube and SEO poisoning to distribute malware, promoting Minecraft mods and utilities through videos. WeedHack is accessible for free, with premium features available at low costs. The malware targets Minecraft session IDs, collects system information, and extracts credentials from various platforms. It includes a web-based dashboard for tracking infections and offers tools for injecting malware into legitimate mods. The operation has also been linked to incidents of cyberbullying among its users. McAfee advises caution when engaging with Minecraft-related content on YouTube.

AppWizard

June 3, 2026

Weedhack malware campaign infects 116,000 mod-hungry Minecraft players systems through SEO poisoning and YouTube

Cybercriminals are using YouTube to distribute malware targeting Minecraft users, identified as Weedhack by McAfee Labs. This malware disables security defenses and allows attackers remote access to infected computers. The campaign offers both free and paid versions, making it accessible, especially to younger audiences. It also has the capability to steal Minecraft accounts, increasing its appeal.

AppWizard

June 3, 2026

Fake ‘Minecraft’ Mods Bring Malware to as Many as 116,000 Players

The "Minecraft" community is facing a cybersecurity threat from a malware operation called WeedHack, which disguises itself as fake mods to lure players into downloading it. This operation, run by a teenager, has affected over 116,000 players and uses social engineering tactics to distribute malicious mods, cheats, and clients. WeedHack spreads through trusted channels, including YouTube, and employs search engine optimization poisoning to mislead users. The malware operates by disseminating malicious Java Archive files that appear legitimate, compromising devices to extract sensitive information such as session IDs, browser cookies, and cryptocurrency wallet data. It can also steal credentials for applications like Discord, Steam, and Telegram, and includes remote control features for surveillance and keylogging. Approximately 2,000 new infections occur daily, primarily affecting users in the United States, Germany, India, the United Kingdom, and Italy. The low cost of access to this malware has led to its use by teenagers for online bullying and harassment.

Tech Optimizer

May 31, 2026

‘Your devices could be at risk’: how antivirus scams trade on fear

Many users receive emails claiming their McAfee antivirus protection is nearing expiration, offering an 89% renewal discount for same-day payment. These emails are not from McAfee but are attempts by cybercriminals to steal personal financial information. The emails often create a false sense of urgency and may contain inconsistent grammar and obscure sender addresses. Clicking links in these emails can lead to counterfeit websites designed to harvest personal data. Users are advised to verify their subscription directly on McAfee.com and report suspicious emails to McAfee and their email provider.