Deception

Winsage
May 4, 2025
Microsoft has warned about the increasing use of PDF attachments in cyberattacks, particularly during the U.S. tax season. Attackers have been using PDFs with embedded links that redirect users to counterfeit pages, such as a fake DocuSign site. TrustWave SpiderLabs has identified a new campaign involving a fake payment SWIFT copy that leads to a malicious PDF containing obfuscated JavaScript, which downloads a script that conceals the RemcosRAT payload using steganography. This technique involves hiding links within images, making them difficult to detect. The latest attacks begin with phishing emails containing malicious PDFs that direct victims to harmful webpages, facilitating the delivery of RemcosRAT, a trojan that allows remote control of compromised systems. Users are advised to be cautious of emails labeled “SWIFT Copy” and to delete suspicious emails immediately.
AppWizard
May 2, 2025
The Google Play Store has seen a decline in available apps from 3.4 million to approximately 1.8 million since the beginning of 2024, representing a loss of nearly 47%. The "games" category lost 200,000 apps, the education sector lost around 160,700 apps, and the business category saw a reduction of 115,400 apps. This removal is part of Google's effort to combat ad fraud, particularly from "vapor apps" that misled users and generated recurring advertisements. Over 56 million downloads were affected across 180 apps. Google has implemented new policies for tracking and removing spammy applications, including expanded verification requirements, mandatory app testing, and enhanced human reviews.
AppWizard
April 25, 2025
Recent findings from cybersecurity experts at ESET revealed that several Android applications, disguised as harmless tools, have been secretly recording conversations and stealing sensitive data. These malicious apps infiltrated devices through the Google Play Store and third-party platforms, compromising the privacy of thousands of users. One tactic used by cybercriminals involved romantic deception, where victims were coaxed into downloading a seemingly harmless messaging app containing the VajraSpy Trojan, which activated upon installation to record conversations and harvest personal data. The identified malicious apps fall into three categories:
1. Standard Messaging Apps with Hidden Trojans: These apps, including Hello Chat, MeetMe, and Chit Chat, request access to personal data and operate silently in the background, stealing contacts, SMS messages, call logs, device location, and installed app lists.
2. Apps Exploiting Accessibility Features: Apps like Wave Chat exploit Android’s accessibility features to intercept communications from secure platforms and record phone calls, keystrokes, and ambient sounds.
3. Single Non-Messaging App: Nidus, a news app, requests a phone number for sign-in and collects contacts and files, increasing the risk of data theft.
The 12 malicious Android apps identified include: Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six apps were available on the Google Play Store and had over 1,400 downloads before removal. Users are advised to uninstall these apps immediately to protect their personal data.
AppWizard
April 10, 2025
A report from DomainTools LLC reveals that cybercriminals are using newly registered domains to distribute the SpyNote Android remote access trojan (RAT) by creating fake websites that resemble legitimate Google Play app installation pages. These counterfeit pages often include familiar visual elements to deceive users into downloading harmful APK files, such as a site mimicking the TikTok installation page. The downloaded files typically contain variants of SpyNote, which can conduct surveillance, harvest sensitive information, and execute remote commands on compromised devices. The delivery mechanism involves a two-stage process where a dropper APK installs a secondary APK with core spyware functionalities, utilizing JavaScript to trigger downloads from fake install buttons. Common characteristics of the domains distributing SpyNote include registration with NameSilo LLC and XinNet Technology Corp., hosting on infrastructure linked to Lightnode Ltd and Vultr Holdings LLC, and the presence of SSL certificates. The malware delivery sites contain code in both English and Chinese, suggesting a Chinese-speaking threat actor may be involved. SpyNote has been associated with advanced persistent threat groups targeting individuals in South Asia, including those in the Indian defense sector. Once installed, SpyNote requests intrusive permissions to access SMS, contacts, call logs, camera, microphone, and location services, and employs persistence mechanisms that make it difficult to remove. DomainTools advises users to be vigilant against spoofed app pages and avoid sideloading APKs from unverified sources.
AppWizard
March 11, 2025
Centum is a point-and-click adventure game available on PS4, PS5, Xbox One, Xbox Series X/S, PC, and Nintendo Switch. Players assume the role of a prisoner seeking freedom within a distorted digital landscape created by a malfunctioning AI. The game features initial tasks that lead to a complex narrative filled with eccentric characters and philosophical riddles. Central themes include the quest for identity and the exploration of lost memories. The gameplay challenges players to discern truth from illusion in a chaotic world, ultimately reflecting the complexities of the digital age.
AppWizard
February 28, 2025
Reburn, formerly known as 4A Games Ukraine, has announced its new project, La Quimera, a narrative-driven science-fiction shooter set in a dystopian future Latin America in the year 2064. The game utilizes the 4A Engine and will be available on PC via Steam, though the release date is not yet revealed. Players take on the role of PMC operatives in a world where nation-states have collapsed, relying on mercenary forces. The game features solo and cooperative gameplay for up to three players, allowing for tactical collaboration and customization of weapons and exoskeletons. Players will face various hostile factions and robotic enemies with advanced capabilities, aided by a personal combat AI assistant.
AppWizard
February 18, 2025
Elon Musk has blocked links to the encrypted messaging app Signal on his platform, X, causing concerns about the selective application of free speech. Cybersecurity researchers reported that accessing Signal links results in a warning page, although users can still proceed. Donald Trump is advocating for leniency towards Andrew Tate, who, along with his brother, faces serious legal charges in Romania but has temporarily blocked his indictment and remains under investigation. Musk's DOGE initiative seeks access to sensitive taxpayer information from the IRS, prompting ethical and security concerns among officials. Musk has also expressed support for Trump's criticisms of CBS’s 60 Minutes, reflecting a growing alignment with Trump's narrative against mainstream media. The Associated Press is in conflict with the Trump administration over the renaming of the Gulf of Mexico to the "Gulf of America," resulting in the revocation of its access to significant areas like the Oval Office and Air Force One.
AppWizard
February 13, 2025
A new prequel expansion titled Lies of P: Overture was announced during Sony's State of Play showcase, set to launch this summer. This DLC will explore the origins of the Puppet Frenzy, a significant event preceding the original game. Lies of P is inspired by The Adventures of Pinocchio and features gameplay similar to the Dark Souls series. The game has received a favorable review score of 74%.
Tech Optimizer
February 11, 2025
Mac owners should be vigilant in 2025 due to a significant rise in macOS infostealers, as indicated by the State of Malware report from Malwarebytes. These infostealers can extract sensitive personal information, such as credit card details and passwords, putting Mac users at risk similar to Windows users. Notable infostealers like Poseidon and Atomic Stealer can target over 160 cryptocurrency wallets and compromise VPN configurations. Most macOS infostealers rely on user deception for installation, making user caution essential. Recommendations for protection include downloading software only from trusted sources, using robust antivirus software, verifying links from unknown sources, enabling two-factor authentication, and considering a password manager or VPN. Cybercriminals are increasingly targeting Macs as their popularity grows.