deceptive tactics Archives

Tech Optimizer

May 26, 2026

What the Tech? What to ask yourself before downloading an anti-virus app

Most individuals do not require antivirus apps on their smartphones, as the primary threats are scams rather than traditional viruses. iPhones use app isolation, making conventional antivirus scans ineffective; threats include phishing texts and fraudulent websites. Android phones allow sideloading, increasing the risk of malware from unofficial sources. The main dangers are deceptive tactics like phishing, scam calls, and social engineering. To enhance security, users should keep their operating systems updated, use strong passwords, enable two-factor authentication, avoid suspicious links, and refrain from installing apps from unknown sources. Antivirus apps may be beneficial for users who frequently click unverified links, download files from unfamiliar sites, or engage in Android sideloading. Reputable security apps focus on scam detection and account safety rather than traditional virus scanning.

Tech Optimizer

May 25, 2026

What The Tech: Is an anti-virus software needed for smartphones?

Most smartphone users do not require antivirus applications, as the primary threats are scams rather than traditional viruses. iPhones have a secure operating system that limits antivirus functionality, focusing on scams like deceptive texts and phishing links. Android devices allow sideloading, increasing the risk of malware from unofficial sources. Best practices for smartphone safety include downloading apps from official stores, using trusted developers, avoiding dubious links, keeping the operating system updated, using strong passwords, enabling two-factor authentication, and refraining from installing apps from unknown sources. Antivirus apps may be beneficial for users who frequently click on links, download files from unfamiliar websites, install many applications, engage in Android sideloading, or seek additional protection against scams. Reputable security apps prioritize scam detection and unsafe website identification over traditional virus scanning.

Tech Optimizer

May 21, 2026

What the Tech? Antivirus protection for your smartphone

Most users do not require an antivirus app on their smartphones, as the predominant threats are scams such as phishing texts and fraudulent websites rather than traditional viruses. iPhones operate on a design that isolates apps, limiting the effectiveness of antivirus software, while Android devices allow sideloading, which can increase the risk of malware. The real danger lies in deception tactics used by cybercriminals, making personal account security more important than antivirus software. To enhance security, users should keep their operating systems updated, use strong passwords, enable two-factor authentication, avoid suspicious links, and refrain from installing apps from unknown sources. Antivirus apps may be beneficial for users who frequently click on unverified links, download files from unfamiliar sites, or engage in Android sideloading. Reputable security apps focus on scam detection and web protection rather than traditional virus scanning.

AppWizard

April 30, 2026

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercriminal group known as LofyGang has re-emerged after three years, targeting Minecraft players with malware called LofyStealer, also known as GrabBot. This malware is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to attract young users. The group has been active since late 2021 and previously leaked thousands of Minecraft accounts. The attack begins with the 'Slinky' hack, which deploys LofyStealer (identified as "chromelevator.exe") to harvest sensitive information from web browsers, including cookies, passwords, and credit card information, sending this data to a command-and-control server. ZenoX reports a shift in LofyGang's tactics from JavaScript supply chain attacks to a malware-as-a-service model, offering both free and premium tiers. Cybercriminals are increasingly exploiting trusted platforms like GitHub to distribute malware through bogus repositories and various deceptive tactics, including fake security alerts and counterfeit accounts. This trend highlights a strategy focused on volume targeting rather than precision, prompting cybersecurity experts to prioritize threats from GitHub-hosted downloads that appear legitimate.

Winsage

April 16, 2026

Fake Proton VPN sites are pushing NWHStealer malware to Windows users

A malware campaign is utilizing counterfeit Proton VPN websites and other deceptive tactics to distribute a Windows infostealer known as NWHStealer. This malware extracts sensitive information, including browser credentials and cryptocurrency wallet details, and operates stealthily by injecting itself into legitimate processes. Two primary infection vectors have been identified: malicious ZIP archives on a free web hosting platform and trojanized installers from fake Proton VPN sites. The malware employs DLL hijacking and can exfiltrate data to a command-and-control server while ensuring persistence through scheduled tasks and disguising payloads as legitimate system processes. It also exploits the Windows cmstp.exe utility to bypass User Account Control. Users are advised to avoid downloading software from unofficial sources and to verify file signatures and publisher information.

AppWizard

April 3, 2026

NCSC warns of messaging app targeting by Russia-linked actors

The UK National Cyber Security Centre (NCSC) has warned of an increase in cyber threats from Russia-based actors, targeting high-risk individuals through messaging applications like WhatsApp, Signal, and Messenger. These threats involve deceptive tactics such as coaxing users for login codes, unauthorized device access, group chat infiltration, impersonation of trusted contacts, and phishing links. The targeting is linked to state-affiliated groups from Russia, China, and Iran. High-risk individuals are those with access to sensitive information or influential roles. The NCSC recommends several protective measures: enabling two-step verification, not sharing verification codes, monitoring linked devices, being cautious with unknown contacts, limiting personal app use for work, and using disappearing messages to reduce data exposure.

AppWizard

April 3, 2026

Russian officials discover fraudsters in Minecraft – they are using children in their schemes

Fraudsters are exploiting in-game chats in Minecraft to deceive young players, particularly in Russia. They initiate contact with children in the game, then move the conversation to Telegram, posing as "cybersecurity officers" and claiming that the children have shared sensitive information. They threaten detention to coerce minors into stealing money from their parents to give to couriers. Authorities have issued warnings to raise awareness among children and parents about these deceptive tactics.

AppWizard

March 19, 2026

RUSSIA Mammut virus hits Russia’s patriotic messaging app

A virus known as Mamont is targeting users of the messaging platform Max, which has 100 million registered profiles. Mamont infiltrates online banking applications and spreads primarily through family and parental chat groups, allowing cybercriminals to steal payment information. The virus often begins with a deceptive message prompting users to click, leading to the silent download of a Trojan that siphons off data. Despite claims from the Max press service that the virus's spread is exaggerated, concerns remain about the security of user data, particularly given that all communications on Max are monitored by the state. Many users resort to using a second device, referred to as Maxofon, to comply with the platform's requirements while keeping their primary device for other applications.

AppWizard

February 22, 2026

Google Blocked 1.75M Policy-Violating Apps From Google Play in 2025

Google successfully prevented the publication of over 1.75 million policy-violating applications in 2025 and banned more than 80,000 developer accounts identified as harmful. The company blocked over 255,000 apps from accessing sensitive user information and prevented 160 million spam ratings and reviews. Google integrated generative AI systems into its review process to enhance detection of malicious patterns. The European Commission is investigating Google's consumer safety practices in the Play Store, particularly regarding financial scams. Independent researchers found 20 Android apps on the Play Store designed to steal cryptocurrency.

AppWizard

December 1, 2025

Android malware Albiriox abuses 400+ financial apps in on-device fraud and screen manipulation attacks

A new malware-as-a-service (MaaS) called Albiriox has emerged, targeting banking and cryptocurrency applications, particularly focusing on Austrian users. It is marketed on the dark web and employs deceptive tactics, such as mimicking legitimate businesses and creating fake landing pages and app listings on the Google Play Store. Victims are tricked into providing their phone numbers, leading to the delivery of a malicious APK file via SMS or WhatsApp. This APK acts as a dropper, designed to bypass detection methods and requests permissions under the guise of a “software update” to download the actual malicious payload. Once installed, it can take control of the device or function as an infostealer, extracting sensitive information like phone numbers and passwords, which is sent to a Telegram channel. Cleafy researchers suggest that the Albiriox campaign is linked to Russian cyber actors based on their activities on cybercrime forums and communication style.