cybersecurity firm

Tech Optimizer
May 20, 2025
Procolored, a printer manufacturer based in Shenzhen, has been accused of distributing malware designed to steal Bitcoin through its printer drivers. The malware, embedded in USB drivers, has reportedly stolen approximately 9.3 BTC, valued at over 3,000. A backdoor program in the compromised drivers can hijack wallet addresses copied to the clipboard. Users are advised to conduct system scans and consider a complete system reset. The issue was first highlighted by YouTuber Cameron Coward, whose antivirus software flagged the malware. Procolored denied the allegations but later acknowledged the problem, stating they removed the infected drivers and attributed the malware to a supply chain compromise. Cybersecurity firm G-Data confirmed the presence of two types of malware in the drivers.
AppWizard
May 8, 2025
The messaging app TeleMessage, used by President Donald Trump’s national security advisor, has been suspended due to a reported security breach, raising concerns about the security of sensitive government communications. The app, a modified version of Signal, was halted after a hacker accessed message contents from its customized versions, although the communications of national security advisor Mike Waltz were reportedly not affected. TeleMessage's suspension follows a statement from its parent company, Smarsh, confirming an investigation into the security incident. Despite President Trump's criticism of Signal, the White House continues to defend it, highlighting its pre-installation on government devices. Concerns about privacy protections arise from TeleMessage's archiving features, which may compromise Signal's end-to-end encryption. Additionally, GlobalX, the airline involved in Trump’s deportation flights, experienced a hacking incident, resulting in the exposure of flight records and passenger lists.
AppWizard
May 6, 2025
TeleMessage, an encrypted messaging application, has temporarily suspended its services following a security breach. The platform was used by dismissed national security adviser Mike Waltz during a Cabinet meeting, and a leaked image of his inbox showed conversations with notable figures such as Vice President JD Vance and Secretary of State Marco Rubio. The breach, reported by 404 Media, did not access messages among Cabinet members but compromised data from Customs and Border Protection, cryptocurrency firm Coinbase, and various financial institutions. The hacker claimed the breach was easy, completing it within 15-20 minutes. Signal, the platform from which TeleMessage archives messages, stated it cannot guarantee the security of unofficial versions. TeleMessage was acquired by U.S. company Smarsh last year for archiving communications. Following controversies, including Waltz's accidental inclusion in a group chat discussing a military operation, he was removed from his position, and President Trump expressed skepticism about using Signal for government communications.
AppWizard
May 6, 2025
TeleMessage has temporarily suspended all services due to a reported security breach, with the parent company Smarsh investigating the incident. Customs and Border Protection (CBP) has discontinued using the app as a precaution. A hacker claimed to have accessed a centralized TeleMessage server and downloaded data, including a screenshot of the contact list for employees at Coinbase. Coinbase confirmed the authenticity of the screenshot but stated that customer data remained secure. Multiple U.S. government agencies have contracts with TeleMessage or related entities. Another hacker also claimed to have breached TeleMessage and provided evidence to support the claim. The investigation into the breach is ongoing, and it is unclear if sensitive communications from U.S. officials were compromised.
AppWizard
May 5, 2025
National Security Advisor Michael Waltz was preparing for a television interview at the White House using the messaging app TeleMessage, which is currently facing a temporary suspension due to a security breach. The parent company, Smarsh, is investigating the incident and has halted all TeleMessage services while engaging an external cybersecurity firm. The breach reportedly involves the theft of data from messages sent via TeleMessage's versions of popular messaging platforms, but there is no indication that Waltz's messages were accessed. The White House has not responded to inquiries about the service suspension. Waltz was previously photographed using TeleMessage while communicating with various officials. Former President Donald Trump intends to nominate Waltz as the U.S. ambassador to the United Nations, with Secretary of State Marco Rubio serving as the interim national security advisor. Concerns have been raised about whether private messages are automatically deleted, potentially violating federal records-retention laws, and TeleMessage may compromise Signal's end-to-end encryption.
Winsage
April 29, 2025
Cloudflare CEO Matthew Prince reflected on his career decisions, expressing regret for not gaining experience at a larger company before pursuing graduate studies. He received job offers from companies like Yahoo, Microsoft, and Netscape but declined them to attend the University of Chicago Law School, aiming to become a cybersecurity lawyer. In an interview, he noted that working at a mid-sized company during the dot-com boom could have provided valuable experience and networking opportunities. Despite not regretting his later job rejections, he acknowledged that his law degree has been crucial for navigating legal challenges in his company. Prince believes that experiencing a dynamic work environment could have accelerated his career.
Tech Optimizer
April 9, 2025
A vulnerability in ESET's software, designated as CVE-2024-11859, allows state-backed hackers to introduce a malicious dynamic-link library (DLL) that can be executed via the ESET antivirus scanner. This malicious code operates discreetly, avoiding detection by system alerts. ESET classified the issue as medium severity with a CVSS score of 6.8 out of 10 and urged users to update their systems promptly to mitigate risks.
AppWizard
March 31, 2025
Google's AI-driven threat detection and security measures blocked approximately 2.36 million policy-violating applications from being released on the Play Store last year. In February, Google removed hundreds of malicious applications that were infecting devices with adware and malware. Over 50 times more Android malware originates from internet-sideloaded sources than from the Play Store. Google is expanding its Play Protect feature across all applications, and the upcoming Android 15 will introduce live threat detection. Sophos warned about PJobRAT malware, which can steal SMS messages, contacts, and files from infected Android devices. Experts advise against sideloading apps unless their legitimacy and security are certain.
AppWizard
March 28, 2025
Recent research from cybersecurity firm Sophos has identified the use of PJobRAT malware targeting users in Taiwan through instant messaging applications SangaalLite and CChat, which mimic legitimate platforms. These malicious apps were available for download on various WordPress sites, now taken offline. PJobRAT, an Android remote access trojan first identified in 2019, has been used to steal SMS messages, contacts, device information, documents, and media files. The recent cyber-espionage initiative lasted nearly two years, affecting a limited number of users, indicating a targeted approach by the attackers. The latest version of PJobRAT lacks the ability to steal WhatsApp messages but allows attackers greater control over infected devices. The distribution method for these apps remains unclear, but previous campaigns involved third-party app stores and phishing pages. Upon installation, the apps request extensive permissions and provide basic chat functionalities. Sophos researchers note that threat actors often refine their strategies after campaigns, suggesting ongoing risks.