cybersecurity threat

Tech Optimizer
December 25, 2025
The Android banking trojan Sturnus has emerged as a significant cybersecurity threat, capable of taking control of a device's screen, stealing banking credentials, and accessing encrypted communications from trusted applications. It operates stealthily, capturing decrypted messages without breaking encryption. To protect against Sturnus, users should employ robust antivirus software, be vigilant with app prompts, and exercise caution with links and attachments, as malware is often spread through these channels. Attackers can remotely control devices to execute financial transactions without user knowledge.
AppWizard
December 11, 2025
DroidLock is a newly identified ransomware targeting Android users in Europe, capable of locking users out of their devices and demanding ransom for access or threatening permanent data deletion. It spreads through deceptive websites promoting counterfeit applications and gains access to devices by monitoring user passcodes. Victims report ransom demands displayed on their screens, often accompanied by a countdown timer. The ransomware employs phishing tactics to lure users into downloading harmful software, which can lock screens, obtain app lock credentials, exploit device administrator privileges, capture images, and silence devices. While it has not yet reached the UK, experts advise users to download applications only from official sources like the Google Play Store and to verify developer credentials for third-party software.
Tech Optimizer
December 3, 2025
A malicious Rust package named "evm-units," uploaded by a user called "ablerust" to crates.io in mid-April 2025, poses a significant threat to developers on Windows, macOS, and Linux. It has over 7,000 downloads and is designed to execute its payload stealthily, depending on the victim's operating system and the presence of Qihoo 360 antivirus. The package disguises itself as a function that returns the Ethereum version number and can detect Qihoo 360 antivirus software. It downloads and executes different payloads based on the operating system: a script for Linux, a file for macOS, and a PowerShell script for Windows. If the antivirus is not detected, it creates a Visual Basic Script wrapper to run a hidden PowerShell script. The package targets the Web3 community, particularly developers, and is linked to the widely used "uniswap-utils" package. Both "evm-units" and "uniswap-utils" have been removed from the repository.
Tech Optimizer
November 17, 2025
The Lazarus Group, a North Korean state-sponsored hacking organization, has been using JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host malicious software. They lure victims through deceptive LinkedIn job offers to deploy malware such as BeaverTail, InvisibleFerret, and TsunamiKit, the latter being a multi-stage toolkit that can act as an information stealer or cryptojacker by installing XMRig to mine Monero. Additional malware variants like Tropidoor and AkdoorTea have been deployed through the BeaverTail framework, targeting software developers for sensitive data and crypto wallet information. The group's use of legitimate websites and code repositories aims to blend malicious activities with normal internet traffic, increasing their chances of success and posing a significant cybersecurity threat.
Winsage
October 25, 2025
Microsoft has announced an emergency fix for a critical vulnerability, CVE-2025-59287, affecting Windows Server users, specifically within the Windows Server Update Service (WSUS). The Cybersecurity and Infrastructure Security Agency (CISA) has indicated that attacks exploiting this vulnerability are already occurring. The WSUS Server Role is not enabled by default, meaning only servers with this role activated are at risk unless the fix is applied. CISA has mandated that certain federal agencies address this issue within two weeks and advises organizations to follow Microsoft's guidance to prevent unauthorized remote code execution. Recommended steps include identifying vulnerable servers, applying the security update released on October 23, 2025, and rebooting WSUS servers post-installation. For those unable to update immediately, disabling the WSUS server role and blocking inbound traffic to ports 8530 and 8531 is advised.
AppWizard
October 15, 2025
A new cybersecurity threat called "Pixnapping" has been identified, targeting Android users. This attack can capture sensitive information displayed on a user's screen, such as two-factor authentication codes and chat messages, in under 30 seconds. It operates through a seemingly harmless app that prompts a target application to display confidential content and then analyzes the phone's rendering pipeline pixel by pixel to reconstruct the displayed information. The technique has been successfully demonstrated on Google Pixel devices and Samsung's Galaxy S25, exploiting timing discrepancies in graphics rendering. Google released a patch for this vulnerability (CVE-2025-48561) in September, though no real-world exploitation has been reported.
Tech Optimizer
June 7, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a critical advisory on December 18, 2023, regarding the rising threat of Play Ransomware, which targets various organizations, particularly critical infrastructure and public sector entities. The advisory details the tactics used by Play Ransomware actors, including exploiting unpatched systems and phishing campaigns, leading to severe consequences like data encryption and high ransom demands. The ransomware can disable antivirus software and exfiltrate sensitive data before encryption. Play Ransomware employs double extortion tactics, threatening to leak stolen data if ransoms are not paid. CISA recommends organizations prioritize patch management, implement multi-factor authentication, train employees to recognize phishing attempts, and maintain regular offline data backups. The advisory calls for collaboration between public and private sectors to combat this threat and emphasizes the importance of information sharing to stay ahead of ransomware tactics.
Tech Optimizer
March 12, 2025
Infostealer malware has become a major cybersecurity threat, with around 25 million users targeted between early 2023 and the end of 2024. These malware variants capture sensitive information, including bank card details and passwords, with nearly 26 million devices affected during this period, resulting in over 2 million unique bank card details leaked. One in every 14 infections compromised bank card data, passwords, and second-factor authentication cookies. In 2024, infections increased significantly, with RisePro's share rising from 1.4% to 22.45% and Stealc from 2.65% to 13.33%. Redline remained the most prevalent infostealer, responsible for 34.36% of infections. By August 2024, an estimated 15.9 million devices had been affected in 2023, increasing to 16.49 million by March 2025. Over 9 million infections were tracked in 2024, with final counts expected to exceed those of 2023. To protect sensitive information, it is recommended to invest in robust antivirus software, use virtual cards for online transactions, set up transaction alerts and spending limits, avoid storing card details in browsers, use strong and unique passwords, and consider personal data removal services.
Winsage
October 4, 2024
Microsoft Windows users face a critical vulnerability identified as CVE-2024-43461, which emerged in the September security update and has been added to the U.S. government's Known Exploited Vulnerabilities catalog. The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that Windows users apply necessary mitigations by October 7, particularly for federal employees, but many organizations are expected to follow suit. This vulnerability allows attackers to spoof web pages and was exploited alongside CVE-2024-38112, which involves using outdated Internet Explorer to redirect users to malicious URLs. Trend Micro's Zero Day Initiative has indicated that the latest CVE allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. Patching CVE-2024-38112 also addresses CVE-2024-43461, but many users remain on outdated versions of Windows, putting them at significant risk.