Defender

Tech Optimizer
April 16, 2026
A security researcher named Chaotic Eclipse has discovered a significant vulnerability in Microsoft Defender that could allow hackers to gain administrative access to systems running Windows 10, Windows 11, and Windows Server. The vulnerability arises from Windows Defender's behavior of rewriting detected malicious files back to their original location instead of removing them, which can be exploited to overwrite system files and grant unauthorized users elevated privileges. This issue remains unaddressed by Microsoft, leaving millions of users vulnerable. Although there is no current evidence of active exploitation, the situation could change. Users are advised to consider additional antivirus solutions for enhanced security.
Tech Optimizer
April 16, 2026
Bitdefender Total Security offers real-time malware and virus detection, multi-layer ransomware protection, a limited daily data VPN, a password manager, parental controls, and webcam protection. It is compatible with Windows, Mac, Android, and iOS. Pros include excellent detection ratings, minimal system impact, and coverage for up to five devices. Cons are a VPN data cap unless upgraded, significant renewal price increases, and some advanced features being buried in menus.
Surfshark Antivirus provides real-time malware scanning, webcam and microphone protection, data breach alerts, and is bundled with Surfshark VPN. It is available on Windows and Android. Pros include competitive pricing when bundled with VPN, a clean interface, and decent malware detection. Cons are fewer features compared to dedicated suites, limited iOS support, and being relatively new in the antivirus space.
Norton 360 includes real-time threat detection, LifeLock identity monitoring (on higher tiers), a built-in VPN with no data cap, cloud backup, and a password manager. It supports multiple platforms. Pros are strong overall protection, dark web monitoring alerts, and no VPN data limits. Cons include a higher starting price, automatic renewal enabled by default, and being resource-heavy on older machines.
Avast Free Antivirus offers real-time virus and malware protection, a Wi-Fi network scanner, a browser cleanup tool, and a basic ransomware shield. It is available on multiple platforms. Pros include core protection for free, lightweight installation, and an extensive threat database. Cons are aggressive upselling, past privacy concerns, and advanced features locked behind a subscription.
Malwarebytes focuses on malware and adware detection, offering real-time protection (Premium only), a browser guard extension, and a light system footprint. It is available on multiple platforms. Pros include excellent detection of adware and a user-friendly interface. Cons are the lack of real-time protection in the free version and fewer features compared to full-suite competitors.
Free antivirus software should prioritize real-time protection, coverage beyond basic viruses, a browser extension for blocking suspicious sites, and automatic updates. Free versions typically handle common threats adequately but lack advanced features and support found in paid versions. Some free tools may collect user data, raising privacy concerns. To install antivirus software on Windows 10, download it from the official website, follow setup instructions, and ensure background protection and automatic updates are enabled. Transitioning from Windows Defender is usually managed automatically by most antivirus programs. Running two real-time scanners can cause conflicts; instead, pair a primary antivirus with a secondary tool like Malwarebytes for manual scans. If a paid antivirus plan is not renewed, protection may revert to a limited mode or cease entirely. Microsoft Defender offers adequate protection but lacks additional features like a VPN or identity monitoring. Standard antivirus plans typically range from to 0 annually, with renewal prices often increasing.
Winsage
April 15, 2026
A sophisticated fake Windows update site has emerged that mimics Microsoft’s branding to distribute malware, specifically targeting individuals seeking early access to Windows 11 version 24H2. The fraudulent site resembles a legitimate cumulative update download page, using familiar design elements to evade detection. The malware is an information stealer that targets saved passwords and browser sessions, potentially bypassing two-factor authentication. It transmits stolen credentials through encrypted channels to external servers. The installer uses legitimate packaging tools to minimize detection and employs obfuscated scripts within legitimate software components. To maintain persistence, the malware modifies system startup entries and creates disguised shortcuts. Researchers noted the use of a typosquatted domain and meticulously spoofed file properties. As of April 2026, Microsoft has not released Windows 11 version 24H2 to the public, and legitimate updates are only available through Windows Update. Users are advised to obtain updates exclusively through official channels and keep security features updated.
Tech Optimizer
April 14, 2026
A recent discovery by Malwarebytes has identified a cyber threat involving a typosquatted domain that mimics official Microsoft support pages. This site uses authentic branding and KB-style reference numbers to deceive users into downloading what appears to be a legitimate cumulative update. The malware, once installed, operates stealthily, stealing passwords from browsers and active sessions, which allows attackers to bypass two-factor authentication. The stolen data is sent to external servers through encrypted channels. Initial scans showed zero detections by multiple antivirus engines due to the malware's obfuscated scripts. It also modifies system startup entries and creates disguised shortcuts for persistence. Microsoft has not yet released Windows 11 version 24H2 to general users, and updates should only be obtained through official channels to avoid potential threats.
Winsage
April 13, 2026
A new malware campaign targets Windows users by using a fraudulent clone of a Microsoft website to steal sensitive information. Victims are directed to a typo-squatted web address that resembles an official site, where they are prompted to download a file named WindowsUpdate 1.0.0.msi. This file uses a legitimate open-source installer framework and incorporates Electron, JavaScript, and Python, making it difficult to detect; VirusTotal showed zero detections across 69 engines. The malware maintains persistence by modifying the Windows registry and placing a shortcut named Spotify.lnk in the startup folder. Currently, the campaign primarily targets French-speaking users, but similar tactics may spread to other regions. Users are advised to apply updates only through the Windows Update feature in the Settings menu.
Tech Optimizer
April 11, 2026
Windows 11 includes Microsoft Defender Antivirus, which is active from the moment the device is powered on and integrated into the operating system. It continuously updates to protect against various threats, including malicious files and unsafe links. Microsoft Defender SmartScreen evaluates the safety of websites and downloads, providing warnings for dubious content. Smart App Control prevents untrusted applications from executing, while Controlled folder access protects personal files from unauthorized modifications. Users can verify the operational status of Microsoft Defender Antivirus through Windows Security settings. Best practices for maintaining security include keeping the antivirus updated, using a single real-time antivirus engine, and enhancing security habits. Microsoft Defender Antivirus is generally sufficient for everyday risks, but additional third-party antivirus solutions may be considered based on individual needs.
Tech Optimizer
April 10, 2026
Recent reports indicate that the hardware monitoring tools HWMonitor and CPU-Z have been compromised, leading to users downloading malware instead of the legitimate software. Users reported receiving suspicious executable files and antivirus alerts when attempting to download the latest versions. A specific incident involved a user who downloaded HWMonitor from the official CPUID website, only to find the file was labeled incorrectly and flagged as a virus by Windows Defender. Cybersecurity experts confirmed that this is a serious issue involving a multi-stage trojanized attack from a compromised domain. The developer of CPU-Z and HWMonitor acknowledged that a secondary feature linked to the website was compromised for about six hours, causing the main website to display incorrect files. Users are advised to refrain from downloading or updating these utilities until the issue is resolved.