cybersecurity risks

Tech Optimizer
April 13, 2026
Claude, an AI tool developed by Anthropic, receives nearly 290 million web visits monthly and has become a target for cybercriminals. A fake website has been found that impersonates Claude, distributing a trojanized installer named Claude-Pro-windows-x64.zip. This installer, while appearing legitimate, deploys PlugX malware, granting attackers remote access to users' systems. The fraudulent site mimics the official download page, and its passive DNS records link it to commercial bulk-email platforms, indicating active maintenance by the operators. The ZIP file contains an MSI installer that misspells "Claude" as "Cluade" and creates a desktop shortcut that launches a VBScript dropper. This script runs the legitimate claude.exe while executing malicious activities in the background, including copying files to the Windows Startup folder to ensure persistence after reboot. The attack uses a DLL sideloading technique, catalogued by MITRE as T1574.002, in which a legitimate G DATA antivirus updater is abused to load a malicious DLL. Within 22 seconds of execution, the malware establishes a connection to an IP address associated with Alibaba Cloud, indicating command-and-control over the compromised system. The dropper script also employs anti-forensic measures to delete itself and the VBScript after deployment. Indicators of compromise include the filenames Claude-Pro-windows-x64.zip, NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat, along with the network indicator 8.217.190.58:443 (TCP) as the command-and-control destination. Users are advised to download Claude only from the official site and to remain vigilant against potential compromises.
Tech Optimizer
March 27, 2026
A deceptive website impersonating Avast antivirus tricks users into downloading Venom Stealer malware, which steals passwords, session cookies, and cryptocurrency wallet information. The site conducts a fake virus scan, falsely reporting threats to encourage users to download a malicious file named Avastsystemcleaner.exe. This file mimics legitimate software and operates stealthily, targeting web browsers to harvest credentials and session cookies. It also captures screenshots and sends stolen data to the command-and-control domain app-metrics-cdn[.]com via unencrypted HTTP. The malware employs evasion techniques to avoid detection and is part of a long-standing cybercrime tactic that exploits user trust in security software. Indicators of compromise include the file hash SHA-256: ecbeaa13921dbad8028d29534c3878503f45a82a09cf27857fa4335bd1c9286d, the domain app-metrics-cdn[.]com, and the network indicator 104.21.14.89.
Tech Optimizer
February 11, 2026
Cybersecurity researchers have identified a malware campaign that exploited Hugging Face's AI infrastructure to distribute Android banking trojans. The attackers used a deceptive app called TrustBastion, which tricked users into installing what appeared to be legitimate security software. Upon installation, the app redirected users to an encrypted endpoint that linked to Hugging Face repositories, allowing the malware to evade traditional security measures. The campaign generated new malware variants every 15 minutes, resulting in over 6,000 commits in about 29 days. It infected thousands of victims globally, particularly in regions with high smartphone banking usage but lower mobile security awareness. The operation is believed to be linked to an established cybercriminal group. Security experts warn that this incident highlights vulnerabilities in trusted platforms and calls for improved security measures, including behavioral analysis systems and verification of application authenticity. The incident has also sparked discussions about the need for enhanced security protocols for AI platforms.
Tech Optimizer
December 3, 2025
Fileless malware operates within a computer's active memory, avoiding detection by traditional antivirus solutions that rely on file scanning. It uses legitimate tools like PowerShell to execute harmful commands without creating files, making it difficult to identify. Cybercriminals can use fileless malware for various malicious activities, including data theft and cryptocurrency mining. Malwarebytes combats fileless attacks through two defense layers: Script Monitoring, which intercepts potentially dangerous scripts at execution, and Command-Line Protection, which scrutinizes command-line tools for suspicious activities. Examples of fileless attacks include malicious email attachments activating PowerShell to download ransomware, hidden JavaScript on websites mining cryptocurrency, and attackers using Windows Management Instrumentation (WMI) to create backdoors. Malwarebytes' Fileless Protection operates automatically in the background, ensuring legitimate applications function normally while monitoring for threats. It is part of a comprehensive security framework that includes machine-learning detection and web protection, designed to stop attacks that do not write files. This protection is included with Malwarebytes Premium, aimed at safeguarding personal and small business systems.
Winsage
December 1, 2025
Microsoft is facing challenges in transitioning users to Windows 11, with a slower adoption rate compared to the shift from Windows 7 to Windows 10. Approximately 500 million PCs are capable of running Windows 11 but remain on Windows 10, while an additional 500 million computers are too old to upgrade due to hardware requirements. Microsoft executive Pavan Davuluri stated that "nearly a billion people rely on Windows 11," but this claim lacks clarity. The market is divided between users with non-upgradeable hardware and those with capable hardware who choose not to transition. This reluctance poses cybersecurity risks as mainstream support for Windows 10 will end in October 2025. Users have three options: invest in a new PC, opt for Extended Security Updates, or continue using an unsupported operating system. Microsoft is under pressure to either ease hardware restrictions or improve Windows 11's appeal to encourage upgrades.
Winsage
November 11, 2025
The UK’s Department for Environment, Food and Rural Affairs (Defra) has allocated £312 million to upgrade its IT systems to Windows 10, just months before Microsoft ends support for the operating system on October 14, 2025. Defra faces challenges in migrating thousands of devices, with 24,000 outdated machines incompatible with newer systems. A survey indicates that 90% of UK finance firms also struggle with outdated IT infrastructure, increasing cybersecurity risks. The National Cyber Security Centre has warned organizations to prepare for migrations to Windows 11. Defra's £312 million expenditure includes software licenses, consulting fees, and hardware refreshes, but additional risks such as increased downtime and regulatory fines could lead to significant consequences. The department's outdated devices do not meet Windows 11’s TPM 2.0 requirements, complicating the upgrade process. Experts advocate for an upgrade to Windows 11, but extensive compatibility testing and user training are necessary. Government oversight bodies are scrutinizing Defra’s expenditures, and discussions suggest alternatives like Windows 10 IoT Enterprise LTSC, which offers updates until 2032. The financial implications of Microsoft’s Extended Security Updates pricing add strain, as costs double in subsequent years. The urgency for upgrades is emphasized by the potential cybersecurity risks, with experts warning of vulnerabilities affecting national food security and environmental initiatives.
Tech Optimizer
November 7, 2025
The AV-Comparatives Stalkerware Test 2025 evaluated 13 Android security solutions against 17 stalkerware-type applications. The test revealed that stalkerware remains a significant threat, often installed covertly and designed to evade detection. Malwarebytes achieved a perfect 100% detection rate, while Bitdefender, ESET, Kaspersky, and McAfee each detected 94%. Avast, Avira, and F-Secure identified 88%, Norton and Sophos around 82%, and G Data (65%), Google (53%), and Trend Micro (59%) had lower detection rates. The evaluation emphasized the importance of clear communication of threats to potential victims. Malwarebytes' involvement in the Coalition Against Stalkerware highlights its commitment to user safety and effective detection of stalkerware.