deceptive application Archives

AppWizard

October 2, 2025

This dangerous new Android malware disguises itself as a VPN or IPTV app – so be on your guard

Cybersecurity researchers from Cleafy have identified an Android trojan named Klopatra, which targets banking and cryptocurrency users by stealing funds from banking applications and cryptocurrency from hot wallets. This malware, attributed to a Turkish threat actor, has been active since March 2025 and has undergone 40 iterations. It is distributed through a deceptive app called Modpro IP TV + VPN, which requests Accessibility Services permissions upon installation. Klopatra employs advanced techniques to evade detection, including the use of Virbox for code protection, minimizing Java and Kotlin usage, NP Manager string encryption, and multiple anti-debugging features. Currently, at least 3,000 devices in Europe have been compromised by this malware.

Tech Optimizer

August 16, 2025

Fake antivirus, real spyware

A deceptive application called LunaSpy has emerged, posing as antivirus and banking protection software, and is spreading through dubious links on platforms like Telegram and via text messages. Instead of providing security, it siphons personal data, tracks user activity, and can record audio. TotalAV is suggested as a reliable alternative for genuine protection against such threats. Users are advised to exercise caution when downloading software and prioritize legitimate antivirus solutions.

Winsage

July 10, 2025

Unofficial Windows reinstaller app locks you out of your Windows 11 PC until you pay

Windows 11 version 25H2 may allow users to uninstall Microsoft apps, addressing concerns about pre-installed software. However, recent tests suggest that the impact of such bloat on performance is minimal, leading some users to reconsider the need for a cleaner system. A concerning trend involves an unofficial app called "Windows Reinstall Master," which charges users 98 RMB for reinstallation services while locking them out of their operating system. This app resembles ransomware and often installs unwanted software, counteracting users' intentions to reset their systems. The situation is exacerbated by Microsoft's upcoming end of support for Windows 10, prompting users to seek help from unreliable sources, increasing the risk of scams.

AppWizard

October 3, 2024

Google bans popular Android app now you must delete it from your phone today

Security experts at Check Point Research have warned Android users to examine their smartphones and recently installed applications due to a malicious app that stole approximately £54,000 from users. The fraudulent application, disguised as WalletConnect, was available on the official Google Play Store for over five months and was downloaded around 10,000 times. It drained digital currencies, including NFTs, by exploiting the trusted WalletConnect service and using fake reviews to appear legitimate. The attackers employed phishing techniques and smart contracts to deceive users into authorizing fraudulent transactions. Although Google has removed the app, users are advised to delete it if they suspect they have downloaded it. This incident highlights the sophistication of cybercriminal tactics in the decentralized finance sector, emphasizing the need for users to be cautious about the applications they download.

AppWizard

September 27, 2024

App installed from Google Play Store was a major scam ripping off 150 Android users

A fraudulent application named WalletConnect was discovered in the Google Play Store, designed to mislead web3 users by mimicking the legitimate WalletConnect protocol. The app, which gained over 10,000 installations, prompted users to connect their cryptocurrency wallets, leading them to authorize transactions that redirected them to a malicious website. This site collected sensitive information and executed token transfers from victims' wallets, marking the first instance of a "crypto drainer" targeting mobile device users. Despite Google Play Protect, the app remained on the Play Store for five months, resulting in approximately ,000 in stolen cryptocurrency before its removal. Users are advised to uninstall the app immediately.

AppWizard

September 26, 2024

Fake WalletConnect app on Google Play steals Android users’ crypto

A fraudulent application named WallConnect, posing as the legitimate WalletConnect, has been available on Google Play for five months, accumulating over 10,000 downloads. The app misled users by claiming to be a Web3 tool for cryptocurrency wallet interactions. It utilized fake user reviews to enhance its visibility and ranking. Upon installation, users were redirected to a malicious website to authorize transactions, leading to unauthorized access and theft of sensitive wallet information and digital assets. Researchers identified at least 150 victims who lost over ,000 in total, with only 20 leaving negative reviews. Check Point reported the app to Google, resulting in its removal from the store.

AppWizard

May 12, 2024

Android owners warned over copycat of popular app that can rinse your bank

A fake McAfee app posing as the legitimate antivirus software has been targeting Android users, leading to financial harm and unauthorized money transfers. The malware is disguised as a legitimate app and is designed to compromise online banking accounts. The scammers persuade users to install the fake app, which then allows them to gain control of the phone and execute fraudulent transactions. It is important for users to enable Google's Play Protect feature, read app reviews before downloading, delete the fake app if installed, restore the device to factory settings, and contact their bank immediately if they suspect unauthorized activity.