deceptive nature Archives

AppWizard

November 26, 2025

This new Android malware can control your phone and swipe your banking data

A new malware called Sturnus spreads through sideloaded APKs and can steal chats, banking information, and control devices. It reads decrypted chats, creates fake banking overlays, and can remotely access Android devices. Sturnus disguises itself with fake Android update screens, and users in Europe have already fallen victim to it. The malware is primarily spread through attachments sent via messaging applications and exploits Accessibility settings to read screen content and impose overlays on banking applications. Google has not detected this malware in the Google Play Store, thanks to Play Protect's scanning efforts. Users are advised to exercise caution when downloading APKs.

AppWizard

August 12, 2025

This so-called Android ‘antivirus’ is just a front for spyware

LunaSpy is an Android spyware that has been circulating since February 2025, primarily infiltrating devices through messaging platforms like Telegram. It disguises itself as a legitimate antivirus or banking protection app, tricking users into granting extensive permissions by initiating a fake virus scan and presenting false notifications of threats. Once installed, LunaSpy can steal passwords from browsers and messaging apps, record audio and video, access text messages, track geographical location, and execute commands on the device. The spyware also contains dormant code that may allow it to steal photos in future updates. Data collected by LunaSpy is sent to attackers via around 150 servers. Users are advised against downloading APKs from links shared through messaging apps and should uninstall any unfamiliar antivirus applications that request extensive access to their devices.

AppWizard

June 19, 2025

Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers

Check Point researchers have discovered a malware campaign targeting Minecraft users, utilizing a distribution-as-a-service model called Stargazers. This malware, disguised as cheat tools, employs Java and .NET stealers to compromise player systems. The attackers have been active since March 2025, using GitHub repositories that appear to offer legitimate mods but contain malicious JAR files. The infection process begins with the installation of a compromised JAR file, which triggers a multi-stage attack that extracts sensitive data from Minecraft and Discord, as well as broader information like browser credentials and cryptocurrency wallet details. The malware is linked to Russian-speaking threat actors, and the Stargazers Ghost Network is identified as the distributor. The report highlights the need for caution when downloading third-party content in gaming communities.

Winsage

May 14, 2025

Microsoft’s upcoming OneDrive update bypasses security protocols between business and personal files

Microsoft is integrating its products into the user experience, with OneDrive being a prominent example. The upcoming June update will introduce a feature called "Prompt to Add Personal Account to OneDrive Sync," which encourages users on business devices to sync files with personal accounts, potentially compromising security by exposing sensitive business data. Many users are unaware they are using OneDrive, leading to confusion and frustration, especially among older individuals. To address concerns about the update, users can consult their IT department to implement policies that disable the synchronization prompt or personal sync altogether.

AppWizard

April 25, 2025

There’s yet another PC ripoff floating around the Nintendo eShop, but this time it’s REPO that’s been robbed: ‘Even the eShop has slip-ups when it comes to allowing fake games’

A game called R.E.P.O Horror was released on the Nintendo eShop, misleading players into believing it was the authentic PC game R.E.P.O. Users reported that R.E.P.O Horror was of low quality and not published by the original developer, Semiwork. This incident is part of a broader trend of intellectual property infringement, as seen with other titles like The Backrooms 1998 and games such as TCG Card Shop Simulator, Only Up!, and Chained Together, which closely resemble their original versions. Consumers are advised to verify developer and publisher details before purchasing games on the Nintendo eShop to avoid counterfeit products. The original R.E.P.O game remains a reputable option in the co-op horror genre, with plans for future enhancements.

AppWizard

March 22, 2025

Nasty Android apps that steal credit cards and passwords downloaded 60 million times

Over 331 applications on the Google Play Store have been identified as potentially compromised by a widespread malware campaign, which has affected millions of Android devices. These malicious apps can steal sensitive information, including passwords and credit card details, and have accumulated over 60 million downloads globally. They often disguise themselves as benign utility applications, such as QR code scanners and fitness tools, and generate revenue through intrusive advertisements. The malware campaign began in April 2024, with many apps initially appearing benign before being updated with malicious components. Some apps can hide their icons and bypass Android security measures, making detection difficult. Victims are primarily located in Brazil, the United States, Mexico, Turkey, and South Korea. Despite Google's efforts to remove many of these apps, some remain active, and users must take proactive measures to protect their devices.

AppWizard

December 25, 2024

Android users who use Amazon are placed on red alert and told to delete app now

A recent alert from McAfee has raised concerns for Android users regarding a health application called BMI CalculationVsn available on Amazon's Appstore. This app, which appears to be a simple Body Mass Index calculator, is capable of recording on-screen activity, accessing private SMS messages, and scanning devices for sensitive information. McAfee discovered that the app secretly steals the package names of installed apps and incoming SMS messages. Following this discovery, McAfee alerted Amazon, which removed the app from its platform. Users who have downloaded the app are advised to uninstall it immediately. McAfee emphasizes the importance of vigilance in digital security, recommending that Android users install reliable antivirus software and carefully review permission requests from apps. Users should also be aware of unusual app behavior, such as decreased device performance, rapid battery drain, and unexpected spikes in data usage, which may indicate malicious activity.

AppWizard

December 23, 2024

Urgent Android warning for anyone who uses Amazon – delete dangerous app now

McAfee's security team discovered a malicious app named "BMI CalculationVsn" in Amazon's Android Appstore, which pretended to be a health tracker but was capable of screen recording, password theft, and accessing private SMS messages. Following the report, Amazon removed the app from its platform, and users who downloaded it are advised to uninstall it immediately. McAfee recommends that Android users install reliable antivirus software, scrutinize permission requests before downloading apps, and monitor app behavior for unusual activity to enhance their security.

Tech Optimizer

December 6, 2024

This sneaky phishing attack is a new take on a dirty old trick

Attackers are using a new phishing tactic involving Word documents that redirect users to a fake Microsoft login page to steal account credentials. This method can evade traditional antivirus detection due to the malicious content being difficult to scan. Users are advised to be cautious with email attachments, avoid clicking on links from unknown sources, consider using passkeys for account access, and enable two-factor authentication (2FA) for added security. Phishing attacks require user participation, so it's important to verify the legitimacy of requests before acting.

AppWizard

November 28, 2024

Android phones under attack from malicious apps with over 8 million installs

Recent findings from cybersecurity firm McAfee identified 15 malicious loan applications with around 8 million downloads that are designed to steal personal and financial data. These apps, found on platforms like the Google Play Store, mimic legitimate financial services and primarily target Android users in regions such as South America, Southern Asia, and Africa. Users are advised to remove specific apps, including "Préstamo Seguro-Rápido," "Préstamo Rápido-Credit Easy," and others, which promise quick loans but are actually tools for data harvesting. Victims report receiving partial funds and facing aggressive repayment demands, with some apps sharing a common infrastructure for data exfiltration. Key indicators of malicious intent include poor app ratings, excessive permission requests, and the legitimacy of the developer. Staying updated with software patches is also recommended to protect against these threats.