data theft Archives

Tech Optimizer

February 25, 2026

Effective ways to prevent the download of malicious code

Malware is malicious software designed to disrupt normal system operations, often infiltrating devices through activities like web browsing or opening documents. In 2023, SonicWall Capture Labs reported over 6 billion malware attacks, an 11% increase from the previous year. Common types of malware include viruses, worms, Trojans, spyware, adware, ransomware, fileless malware, and bots. Malware spreads through email attachments, phishing links, compromised websites, fake apps, and removable media. Its effects can include performance issues, data theft, and financial damage. Signs of malware presence include sluggish performance, unexpected crashes, and unauthorized changes. Recommended actions if malware is suspected include disconnecting the device, running a malware scan, and changing passwords. Preventative measures include using security software, practicing safe browsing, keeping software updated, and building security awareness.

AppWizard

February 22, 2026

Google Blocks Millions of Risky Android Apps: Biggest Play Store Cleanup Yet

Google blocked approximately 1.75 million dangerous or policy-violating apps from reaching users in 2025 and shut down over 80,000 developer accounts associated with fraud, malware, and repeated policy violations. Play Protect identified millions of risky apps installed from external sources, and it scans apps in real-time, even after installation. Key reasons for app rejections include malware behavior, financial fraud, misuse of permissions, and deceptive advertisements. The crackdown results in safer app downloads, reduced risk of data theft, improved privacy enforcement, and lower exposure to counterfeit applications.

Tech Optimizer

February 18, 2026

Fake Antivirus Program Threatens Android Phones and Steals Data – Jordan News | Latest News from Jordan, MENA

Cybersecurity experts have identified a malicious campaign targeting Android users through a counterfeit antivirus application called TrustBastion. This app serves as a vehicle for distributing malware that steals personal and banking information and provides attackers with remote access to infected devices. TrustBastion has been found on Hugging Face, complicating detection for users. The app masquerades as a legitimate security tool, prompting users to install a “necessary update” that contains malicious code. Once activated, the malware captures screenshots, displays fake login pages for financial services, and records sensitive information, which is sent to the hackers' servers. Attackers frequently re-upload modified versions of the app, maintaining its harmful functionality. Users are advised to download apps only from official stores, review ratings, and avoid untrusted APK files. Installing reputable antivirus solutions and activating Google Play Protect is recommended for enhanced security.

Winsage

February 18, 2026

Attackers steal Windows users’ data using fake CAPTCHA checks

Fraudsters are using counterfeit CAPTCHA confirmation pages to deploy StealC, an information-stealing malware targeting Windows systems. Users are tricked into visiting compromised websites where a fake CAPTCHA prompts them to execute a sequence of keystrokes that runs a malicious PowerShell command. This command connects to a remote server, downloads shellcode, and injects the StealC payload into svchost.exe. Once installed, StealC collects sensitive information such as browser credentials, email data, and cryptocurrency wallet details, facilitating fraud and account hijacking. The malware operates primarily in the system's RAM, making detection difficult.

AppWizard

February 17, 2026

New Keenadu backdoor found in Android firmware, Google Play apps

A sophisticated Android malware named Keenadu has been discovered embedded in the firmware of various device brands, compromising all installed applications and granting unrestricted control over infected devices. It employs multiple distribution methods, including compromised firmware images delivered over-the-air, access via backdoors, embedding in system applications, modified applications from unofficial channels, and infiltration through apps on Google Play. As of February 2026, Keenadu has been confirmed on approximately 13,000 devices, primarily in Russia, Japan, Germany, Brazil, and the Netherlands. The firmware-integrated variant remains dormant if the device's language or timezone is associated with China and ceases to function without the Google Play Store and Play Services. While currently focused on ad fraud, Keenadu has extensive capabilities for data theft and risky actions on compromised devices. A variant embedded in system applications has limited functionality but elevated privileges to install apps without user notification. The malware has been detected in the firmware of Android tablets from various manufacturers, including the Alldocube iPlay 50 mini Pro. Kaspersky has detailed how Keenadu compromises the libandroid_runtime.so component, making it difficult to remove with standard Android OS tools. Users are advised to seek clean firmware versions or consider replacing compromised devices with products from trusted vendors.

Tech Optimizer

February 16, 2026

Researchers Uncover OysterLoader, an Advanced Obfuscated Loader Powering Rhysida Attacks

OysterLoader, a sophisticated malware loader also known as Broomstick and CleanUp, has emerged as a significant threat since mid-2024. It is a multi-stage downloader linked to ransomware attacks and data theft, particularly associated with the Rhysida ransomware group. Written in C++, it infiltrates systems through malicious websites that impersonate legitimate software download platforms, tricking victims into executing a signed Microsoft Installer (MSI) that launches the malware. OysterLoader employs a four-stage infection chain designed to evade detection. The first stage uses a packer named TextShell to load hidden code into memory, creating an illusion of legitimacy through harmless Windows API calls. The second stage decompresses a concealed payload using a modified LZMA algorithm. The third stage functions as a downloader and environment tester, establishing contact with its command-and-control (C2) server via HTTPS. In the final stage, OysterLoader installs a malicious DLL that executes every 13 minutes through the Windows Task Scheduler, communicating with multiple hardcoded servers and transmitting critical system information. The malware uses customized Base64 encoding and variable communication endpoints to evade detection. Its primary objective is to ensure persistence and facilitate the delivery of additional payloads, including ransomware and credential stealers. Security analysts predict that OysterLoader will remain a formidable threat through 2026, particularly for organizations downloading administrative tools from unverified sources. Indicators of Compromise (IOC): - Mutex: h6p#dx!&fse?%AS! - Task: COPYING3 (rundll32 DllRegisterServer) - C2 Domain: grandideapay[.]com/api/v2/facade - RC4 Key: vpjNm4FDCr82AtUfhe39EG5JLwuZszKPyTcXWVMHYnRgBkSQqxzBfb6m75HZV3UyRY8vPxDna4WC2KMAgJjQqukrFdELXeGNSws9SBFXnYJ6ExMyu97KCebD5mTwaUj42NPAvHdkGhVtczWgfrZ3sLyRZg4HuX97AnQtK8xvpLU2CWDhVq5PEfjTNz36wdFasecBrkGSDApf83d6NMyaJCsvcRBq9ZYKthjuw5S27EVzWrPHgkmUxFL4bQSgMa4F - IP: 85.239.53.66

Tech Optimizer

February 16, 2026

Phishing Lures Spread XWorm Remote Access Trojan

A cyber-espionage campaign is utilizing the XWorm Remote Access Trojan (RAT) to infiltrate systems via phishing emails and a Microsoft Office vulnerability (CVE-2018-0802). XWorm, first detected in 2022, allows attackers remote control over infected computers for surveillance and data theft. The campaign uses business-oriented phishing emails with malicious Excel attachments that exploit the vulnerability to execute a fileless attack. The malware connects to a command-and-control server, encrypting communications and transmitting system details. XWorm features a plugin architecture with over 50 modules for various malicious activities, including credential theft and DDoS attacks. Security experts highlight the ongoing risk of legacy software vulnerabilities and recommend patching outdated components.

Winsage

February 14, 2026

Microsoft Fixes Critical Windows 11 Notepad Flaw

Microsoft has released a patch for a significant vulnerability in Notepad on Windows 11 that could allow attackers to execute code by opening a Markdown file and clicking on a malicious link. This vulnerability was due to how Notepad processed links within Markdown files, which could trigger unverified protocols to load remote content. The patch now includes a security warning before such links can be activated. Users are advised to check for updates via Windows Update and the Microsoft Store to ensure Notepad and related components are up to date. Security tips include inspecting URLs before clicking and keeping Microsoft Defender features enabled.

AppWizard

February 10, 2026

Android users warned about new bug that steals private data – which apps to delete

The Arsink malware is an Android Remote Access Trojan (RAT) that exfiltrates sensitive information while granting remote control to its operators. It has impacted over 45,000 devices in 143 countries, including the UK. Arsink lures users to download deceptive "pro" versions of popular applications, often promoted on social media instead of the Google Play Store. Once installed, it can access text messages, emails, call logs, contacts, microphone recordings, photos, location data, and more. The malware also allows hackers to control device features such as using the torch, playing audio, making calls, and changing settings. It hides its icon, runs a persistent foreground service, and generates notifications to avoid detection. Users are advised to remove any "pro" versions of well-known apps like Google, YouTube, WhatsApp, Instagram, Facebook, and TikTok that are not from the official Google Play Store.

Tech Optimizer

January 18, 2026

The best malware removal software of 2026: Expert tested and reviewed

Cybercriminals use various tactics to infiltrate devices and accounts, spreading malware that can affect PCs, mobile devices, and smart home products. Signs of infection may include increased power consumption, unwanted pop-ups, and sluggish performance, while some malware operates stealthily. Default operating system protections are improving, and users can take proactive measures like installing malware removal applications. Bitdefender Antivirus Plus is recommended for its real-time and on-demand scanning capabilities, effective malware detection, and cost-effective plans starting at a certain price per year. It includes features such as anti-phishing, anti-tracking, and a VPN, although the VPN has a daily traffic limit. Malwarebytes is another strong option, effective against various threats and offering a user-friendly interface, with paid plans starting at a certain price per year. Avast One Essential provides a free antivirus solution with strong scanning capabilities and additional security features, while ESET offers high-quality antivirus scans but lacks a fully free version beyond a trial. Emsisoft Emergency Kit is a portable scanning tool that operates from a USB drive and is free for personal use. Bitdefender Antivirus Plus features include: - On-access and on-demand scanning - Live customer support - Anti-phishing and anti-tracking features - VPN - Scam protection - Ransomware combat capabilities Malwarebytes features include: - On-access, scheduled, and on-demand scanning - Browser Guard extension - VPN - Multi-platform compatibility - Free or paid options - Scam and ad blocker Avast One Essential features include: - On-access, scheduled, and on-demand scanning - Multi-platform compatibility - Free or paid options - Strong antivirus scores - Anti-scam guidance - Ransomware protection - Cleanup options ESET Home Security Essential features include: - On-access and on-demand scanning - Real-time protection for financial transactions - Advanced security features - Multi-platform compatibility - Anti-phishing capabilities - Live customer support Emsisoft Emergency Kit features include: - On-demand scanning - Portable operation from a USB - Compatible with Windows - Free for personal use