detection methods Archives

Tech Optimizer

July 21, 2025

How Often Should You Update Your Antivirus Software?

Antivirus software protects devices from various digital threats, including viruses, Trojans, ransomware, and spyware. According to the 2025 Antivirus Statistics and Consumer Report, 75% of users believe their antivirus software effectively safeguards their devices. The effectiveness of antivirus software depends on the last update, as neglecting updates leaves devices vulnerable to emerging threats. Frequent updates are necessary because hackers continuously develop new malware. Failing to update antivirus software increases the risk of hacking and can degrade device performance. It is recommended to check for updates daily, perform manual checks weekly, and expect major updates every 3 to 6 months. Free antivirus software may offer limited protection and fewer updates, requiring users to be proactive in checking for updates.

Tech Optimizer

July 20, 2025

Antivirus vs Anti-malware: which is best for you?

The landscape of cyber threats has evolved, with increased sophistication and frequency of attacks, partly due to advancements in artificial intelligence. Businesses, regardless of size, should reassess their vulnerabilities as even small entities can be targeted. Investing in robust cybersecurity software is essential, with a distinction between antivirus and anti-malware tools being crucial. Malware includes various types of malicious software, and while antivirus software primarily uses signature-based detection, anti-malware tools employ advanced techniques like behavioral analysis and sandboxing. Anti-malware programs can identify hidden threats that antivirus may miss, such as rootkits. Antivirus solutions have adapted to include heuristic analysis and additional features like password management and firewalls. Antivirus is designed for average users, while anti-malware is favored by high-risk users, though everyone can benefit from both. Combining antivirus and anti-malware creates a layered security system, and many vendors now offer integrated products. Popular antivirus solutions with anti-malware capabilities include Bitdefender, Norton 360, McAfee, and Avast. Users are encouraged to run both types of software or choose a combined solution for comprehensive coverage. Despite high detection rates, users should remain vigilant and informed to reduce the risk of cyberattacks.

AppWizard

July 7, 2025

Qwizzserial Android Malware Masquerades as Legit Apps to Steal Banking Data and Intercept 2FA SMS

A new Android malware family named Qwizzserial has emerged, primarily affecting users in Uzbekistan. Identified by Group-IB in March 2024, it functions as an SMS stealer that intercepts two-factor authentication codes and banking information. The malware disguises itself as legitimate applications and spreads through deceptive messages on Telegram, leading to approximately 100,000 infections from around 1,200 samples. Qwizzserial employs social engineering tactics, such as enticing file names and fake Telegram channels, to lure victims. Once installed, it requests permissions for phone calls and SMS access to exfiltrate sensitive data using Telegram bots. Advanced variants utilize obfuscation tools and may request users to disable battery optimization. The financial impact is significant, with one group reportedly generating around 0,000 between mid-March and mid-June 2025. The malware targets banking notifications and large transactions, exploiting the local banking sector's reliance on SMS authentication. Group-IB has developed detection methods to combat this threat.

Tech Optimizer

July 5, 2025

Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware

Cybercriminals are using legitimate software installer frameworks like Inno Setup to distribute malware, taking advantage of its trusted appearance and scripting capabilities. A recent campaign demonstrated how a malicious Inno Setup installer can deliver information-stealing malware, such as RedLine Stealer, through a multi-stage infection process. This process includes evasion techniques like detecting debuggers and sandbox environments, using XOR encryption to obscure strings, and conducting WMI queries to identify malware analysis tools. The installer retrieves a payload from a command-and-control server via a TinyURL link and creates a scheduled task for persistence. The payload employs DLL sideloading to load HijackLoader, which ultimately injects RedLine Stealer into a legitimate process to steal sensitive information. RedLine Stealer uses obfuscation techniques and disables security features in browsers to avoid detection. The Splunk Threat Research Team has developed detection methods focusing on indicators such as unsigned DLL sideloading and suspicious browser behaviors. Indicators of Compromise (IOC): - Malicious Inno Setup Loader Hash 1: 0d5311014c66423261d1069fda108dab33673bd68d697e22adb096db05d851b7 - Malicious Inno Setup Loader Hash 2: 0ee63776197a80de42e164314cea55453aa24d8eabca0b481f778eba7215c160 - Malicious Inno Setup Loader Hash 3: 12876f134bde914fe87b7abb8e6b0727b2ffe9e9334797b7dcbaa1c1ac612ed6 - Malicious Inno Setup Loader Hash 4: 8f55ad8c8dec23576097595d2789c9d53c92a6575e5e53bfbc51699d52d0d30a

Tech Optimizer

June 2, 2025

Hackers Allegedly Selling Windows Crypter Claims Bypass of All Antiviruses

Underground cybercriminal forums are seeing an increase in advanced malware tools, including a Windows crypter that claims to bypass major antivirus solutions. This crypter is marketed as fully activated and capable of achieving Full Undetectable (FUD) status against contemporary antivirus engines. It employs advanced obfuscation techniques to evade detection, including code injection methods, entropy manipulation, and anti-debugging features. The tool allows for granular control over obfuscation parameters, enabling customization for specific target environments. The rise of such sophisticated evasion tools poses challenges for traditional endpoint security, making organizations vulnerable if they rely solely on signature-based antivirus solutions. To defend against these threats, organizations should adopt multi-layered security architectures, including behavioral analysis and endpoint detection and response (EDR) solutions.

AppWizard

May 13, 2025

Your Android phone will soon warn you about that sketchy app sneakily changing icons

Google Play Protect is set to enhance its security features to better defend against malicious applications. The upcoming update will include the ability to detect changes in app icons, alerting users when an app alters its icon, a tactic used by malicious developers. Additionally, Google Play Protect will improve its on-device malware detection capabilities by implementing new rules to identify specific text or binary patterns associated with known malware families. These enhancements aim to provide users with timely alerts before installing potentially harmful applications, significantly reducing the risk of malware. The new icon detection feature will roll out in the coming months, initially available on the Pixel 6 series and select devices from other manufacturers. The on-device rules will be updated regularly to address emerging threats, and the enhanced malware scanning capability will be accessible to all Android users with Google Play Services.

Tech Optimizer

April 7, 2025

Sakura RAT Released on GitHub Can Bypass Antivirus and EDR Tools

Sakura RAT is a newly developed remote administration tool available on GitHub, designed for use by malware analysts and security researchers. It features capabilities such as hidden browsing, hidden virtual network computing (HVNC), fileless execution, multi-session control, and anti-detection mechanisms to evade antivirus and endpoint detection systems. While marketed for research purposes, its open availability raises concerns about potential misuse by cybercriminals for activities like data exfiltration and ransomware deployment. Cybersecurity experts are advocating for the removal of the repository from GitHub and calling for improved detection systems to combat the risks posed by such advanced tools.