Deception Archives

AppWizard

April 8, 2026

VP Duterte warns public vs individuals posing as her on messaging app

Vice President Sara Duterte has warned the public about individuals impersonating her on messaging platforms. She posted on her Facebook and the Office of the Vice President's official page, advising citizens to be cautious of suspicious messages claiming to be from her. A screenshot of a conversation was included where the impersonator requested a list of supportive congressmen. Duterte emphasized not to engage, share personal information, or send money, stating she does not solicit favors from the public.

AppWizard

April 8, 2026

The FBI Warns That Foreign Cybercriminals Have Targeted Messaging App Users

Cybercriminals connected to Russian intelligence are conducting a large phishing campaign targeting messaging applications, impacting thousands of accounts worldwide. A joint advisory from the FBI and CISA reveals that these attacks focus on individuals with access to sensitive information, including government officials, military personnel, political figures, and journalists. The campaign relies on deception, with attackers impersonating official support channels on platforms like Signal, sending messages that prompt victims to click malicious links or provide confidential information. Victims who comply risk losing control of their accounts, allowing attackers to read private messages and access contact lists. This trend has been observed not only in the U.S. but also in the Netherlands, where similar tactics are used against government employees. The FBI notes that the security of the messaging apps is not the issue; rather, the vulnerability lies in human error. The rise of social engineering tactics poses a risk to both high-profile individuals and potentially everyday users, and users are advised to be cautious with unsolicited messages and not to share sensitive information.

AppWizard

March 21, 2026

Cyber actors linked to Russia target messaging app users, FBI warns

The United States has issued a warning about cyber actors linked to Russian intelligence targeting users of commercial messaging applications, particularly Signal, compromising thousands of accounts worldwide. The FBI and CISA released a public service announcement detailing the operation's focus on individuals of “high intelligence value,” including U.S. government officials, military personnel, political figures, and journalists. Attackers have not breached the encryption of these platforms but manipulate users into disclosing credentials or linking devices. Russian intelligence-linked actors often pose as official support accounts, creating urgency to obtain security codes. Dutch intelligence agencies also reported a similar campaign targeting Signal and WhatsApp accounts of dignitaries and military personnel. Users are urged to be cautious of suspicious messages and to avoid sharing personal information. Signal reaffirmed that its encryption remains intact, emphasizing that vulnerabilities arise from user behavior rather than technical flaws in the application itself.

Tech Optimizer

March 13, 2026

Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

The Zombie ZIP exploit is a vulnerability that allows malware to bypass most antivirus solutions by misleading them about the nature of ZIP file contents. It takes advantage of the ZIP file structure, presenting itself as uncompressed data while hiding compressed information. This vulnerability can be easily implemented in Python with minimal code. The Computer Emergency Response Team (CERT) has issued advisory VU#976247, and the vulnerability is listed as CVE-2026-0866. Systems administrators are advised to be vigilant regarding ZIP files on their networks.

AppWizard

March 12, 2026

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Cybersecurity researchers have identified six new families of Android malware designed to extract sensitive data and facilitate financial fraud. Notable threats include: - PixRevolution: Targets Brazil's Pix payment platform, activates during Pix transfers, and uses real-time monitoring to intervene in transactions. Victims are tricked into installing malicious apps from counterfeit Google Play Store listings, which enable accessibility services for the malware to capture screens and overlay fake interfaces to reroute funds. - BeatBanker: Spreads through phishing attacks disguised as legitimate Google Play Store pages. It uses an inaudible audio loop for persistence, functions as a banking trojan, and includes a cryptocurrency miner. It creates deceptive overlays for platforms like Binance and Trust Wallet to divert funds and can monitor web browsers and execute remote commands. - TaxiSpy RAT: Exploits accessibility services to gather sensitive information such as SMS messages and call logs, targeting banking and cryptocurrency applications with overlays for credential theft. It employs advanced evasion techniques like native library encryption and real-time remote control. - Mirax: A private malware-as-a-service (MaaS) offering with a subscription model that provides tools for banking overlays and information gathering, including keystrokes and SMS. - Oblivion: Another Android RAT available at a competitive price, featuring capabilities to bypass security measures on various devices. - SURXRAT: Distributed through a Telegram-based MaaS ecosystem, it uses accessibility permissions for persistent control and communicates with a Firebase-based command-and-control infrastructure. Some samples incorporate a large language model component, indicating experimentation with AI by threat actors.

AppWizard

February 19, 2026

Massiv: When your IPTV app terminates your savings

Massiv is an Android banking Trojan that disguises itself as legitimate applications, primarily targeting users in southern Europe. It is distributed through side-loading and is capable of remote control over infected devices, enabling Device Takeover attacks that can lead to unauthorized banking transactions. Massiv often masquerades as IPTV applications to attract users seeking online television services. The malware employs overlay functionality to create deceptive screens, keylogging to capture sensitive information, and SMS/Push message interception. It can monitor applications on infected devices and present fake overlays to prompt users for sensitive data. Notably, it has targeted the Portuguese government application gov.pt and connects with Chave Móvel Digital, a digital authentication system, to access victims' banking accounts. Once it captures sensitive data, Massiv allows operators remote access to the device using Android’s AccessibilityService, facilitating real-time observation and manipulation of the user interface. It communicates over a WebSocket channel and supports screen streaming and UI-tree modes for enhanced control. Massiv's distribution includes malware droppers that initially do not contain malicious code but open a WebView to an IPTV website while the actual malware operates in the background. This tactic has increased in recent months, particularly in Spain, Portugal, France, and Turkey. Indicators of compromise include specific SHA-256 hashes and package names associated with the malware. The bot commands allow operators to perform various actions on the infected device, such as clicking coordinates, installing APKs, and showing overlays.

Winsage

February 18, 2026

Attackers steal Windows users’ data using fake CAPTCHA checks

Fraudsters are using counterfeit CAPTCHA confirmation pages to deploy StealC, an information-stealing malware targeting Windows systems. Users are tricked into visiting compromised websites where a fake CAPTCHA prompts them to execute a sequence of keystrokes that runs a malicious PowerShell command. This command connects to a remote server, downloads shellcode, and injects the StealC payload into svchost.exe. Once installed, StealC collects sensitive information such as browser credentials, email data, and cryptocurrency wallet details, facilitating fraud and account hijacking. The malware operates primarily in the system's RAM, making detection difficult.

BetaBeacon

February 13, 2026

These top Android games are worth playing in 2026

Fortnite is a widely played battle royale game that challenges players to be the last man standing and use weapons wisely.

Winsage

January 27, 2026

Microsoft warns Teams users about scammers posing as trusted brands

Microsoft has introduced a Brand Impersonation Protection feature for Teams that scrutinizes incoming VoIP calls from unfamiliar external contacts to identify potential brand impersonation. This feature alerts users to high-risk and suspicious calls, aiming to enhance security in digital communications. Additionally, Microsoft has postponed the rollout of its Wi-Fi location tracking feature to mid-March, which monitors users' live locations when connected to office Wi-Fi, raising concerns about corporate surveillance.

Tech Optimizer

January 13, 2026

Trusted Antivirus Protection for PCs

Your PC requires robust antivirus protection due to its diverse usage, and Windows 11 offers built-in protections that operate seamlessly. Antivirus software, such as Microsoft Defender in Windows 11, protects against threats like viruses, malware, phishing websites, and suspicious email attachments. However, it cannot fully defend against social engineering scams, new ransomware, zero-day vulnerabilities, or risky online behaviors. Microsoft Defender provides automatic threat scanning, works with the Windows firewall, utilizes cloud intelligence, alerts users to unsafe content, and offers ransomware protection. To enhance security, users should keep software updated, use strong passwords, secure their Wi-Fi, enable firewalls, and back up files regularly.