digital signatures Archives

Tech Optimizer

April 1, 2026

Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus

Ransomware attackers are increasingly using legitimate IT tools, referred to as the “dual-use dilemma,” to infiltrate systems instead of relying solely on traditional malware. Tools like Process Hacker and IOBit Unlocker, originally designed for troubleshooting, are now being weaponized to disable antivirus software. IOBit Unlocker has been linked to cyber campaigns by LockBit Black 3.0 and Dharma, while Process Hacker is used by Phobos and Makop ransomware operators. These tools have trusted digital signatures, allowing hackers to operate undetected. Ransomware attacks typically follow a kill chain, starting with phishing emails or compromised credentials. Attackers gain SYSTEM-level control using tools like PowerRun or YDArk. The attack unfolds in two phases: first, they use “process killers” to terminate antivirus monitoring, and then they employ tools like Mimikatz to extract passwords and erase logs, complicating tracking efforts. The evolution of ransomware tactics includes the use of Ransomware-as-a-Service (RaaS) kits, such as LockBit 3.0 and BlackCat, which are designed to disable antivirus protections. Future trends may involve AI-assisted methodologies that autonomously determine ways to circumvent security measures, indicating a shift in the security landscape.

Winsage

March 31, 2026

What Is Conhost.exe?

Conhost.exe, or Console Window Host, is a legitimate Windows system process responsible for managing the display and behavior of console windows such as Command Prompt and PowerShell. It facilitates text rendering and manages input/output interactions with the graphical user interface. Each time a console application is launched, a new instance of conhost.exe is created, and multiple instances can appear in Task Manager based on active console applications. To verify the authenticity of conhost.exe, it should run from C:WindowsSystem32 or C:WindowsSysWOW64, have a valid Microsoft Windows Publisher digital signature, and not make outbound network connections. High CPU usage or unusual behavior may indicate malware masquerading as conhost.exe. Troubleshooting steps for issues related to conhost.exe include running a malware scan, checking for Windows updates, updating device drivers, and using the System File Checker. Disabling conhost.exe is not advisable as it is essential for the functioning of console applications.

AppWizard

February 12, 2026

Surveillance tool or accessible messenger? All we know about MAX, Russia’s alternative after WhatsApp fully blocked

The Russian government has fully blocked Meta's WhatsApp due to its non-compliance with local laws. In response, the Kremlin has promoted MAX, a state-backed messaging application introduced in 2025. MAX aims to serve as a universal mobile application, consolidating various digital services and was pre-installed on smartphones sold in Russia from September 2025. The Kremlin claims MAX is an accessible alternative for users, but critics view it as a potential surveillance tool due to its design that collects extensive user data and lacks end-to-end encryption.

AppWizard

January 30, 2026

Ultimate Best Android Fax Apps Guide for Users

In 2026, faxing remains prevalent in industries like healthcare, real estate, and law, despite advancements in technology. Modern Android fax applications have replaced bulky fax machines, allowing users to send documents quickly by snapping photos or uploading PDFs. These apps offer features such as digital signatures, cloud storage, and security measures, making them ideal for travelers and remote workers. The Municorn Android Fax App is highlighted for its HIPAA compliance and user-friendly interface. Over 30% of healthcare providers still use faxing to meet compliance requirements, with businesses sending billions of pages annually. Modern fax apps eliminate issues like jammed paper trays and busy signals, enabling users to send documents from various locations. A small clinic reported saving hours weekly by using on-site scanning instead of visiting a fax center. Seven top Android fax apps for 2026 include Municorn Fax App, Fax.Plus, iFax, eFax, Simple Fax, Genius Fax, and Tiny Fax, each with unique features catering to different user needs. Many apps now incorporate AI for scan quality improvement and offer Optical Character Recognition (OCR) for searchable text. Security is crucial, especially for compliance, and users are advised to check for HIPAA compliance when handling sensitive information.

Winsage

January 13, 2026

New Windows updates replace expiring Secure Boot certificates

Microsoft is enhancing security for Windows 11 24H2 and 25H2 users by automatically replacing expiring Secure Boot certificates on eligible devices. Secure Boot protects against malicious software by ensuring only trusted bootloaders are executed during startup. Many Secure Boot certificates are set to expire starting in June 2026, which could jeopardize secure booting capabilities if not updated. The update includes a mechanism to identify devices eligible for automatic receipt of new Secure Boot certificates. IT administrators are advised to install the new certificates to maintain Secure Boot functionality and prevent loss of security updates. Organizations can also deploy Secure Boot certificates through various methods. IT administrators should inventory their devices, verify Secure Boot status, and apply necessary firmware updates before installing Microsoft's certificate updates.

Tech Optimizer

November 13, 2025

Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have discovered an attack campaign that uses legitimate Remote Monitoring and Management (RMM) tools, specifically LogMeIn Resolve and PDQ Connect, to deploy backdoor malware on users' systems. Attackers lure victims to fake download sites that mimic legitimate software pages for utilities like Notepad++, 7-Zip, and VLC Media Player, delivering modified versions of LogMeIn Resolve. The malicious installers are disguised with filenames such as "notepad++.exe" and "chatgpt.exe." Once executed, these files install the RMM tool and additional malware capable of stealing sensitive information. ASEC has identified three CompanyId values associated with the attacks: 8347338797131280000, 1995653637248070000, and 4586548334491120000. The malware, known as PatoRAT, is a Delphi-developed backdoor that gathers system information and has extensive malicious capabilities, including keylogging and remote desktop access. Users are advised to download software only from official websites and verify digital signatures, while organizations should monitor for unauthorized RMM installations and the identified indicators of compromise.

AppWizard

October 28, 2025

Telegram Messenger Abused by Android Malware to Seize Full Device Control

Security researchers at Doctor Web have identified a sophisticated Android backdoor, named Android.Backdoor.Baohuo.1.origin, disguised as Telegram X, which has compromised over 58,000 devices globally, with around 20,000 active infections. The malware propagates through malicious websites posing as app catalogs and targets approximately 3,000 different models of devices. It features unprecedented control mechanisms via Redis database integration, allowing extensive manipulation of victims' accounts and devices, including hiding evidence of compromise and autonomously managing messaging functionalities. The malware extracts sensitive data, including SMS messages and clipboard contents, and uploads information to attacker servers every three minutes. Brazil and Indonesia are primary targets, with the malware available on third-party app stores under fraudulent identities.

AppWizard

October 26, 2025

Hackers Weaponizing Telegram Messenger with Dangerous Android Malware to Gain Full System Control

A sophisticated backdoor known as Android.Backdoor.Baohuo.1.origin has been identified in malicious versions of the Telegram X messenger, granting attackers comprehensive control over victims’ accounts. This malware has compromised over 58,000 devices across approximately 3,000 smartphone models and other Android-based systems, primarily targeting users in Brazil and Indonesia. It spreads through misleading advertisements and third-party app stores, often masquerading as legitimate applications. The malware can exfiltrate sensitive information, manage user interactions, and manipulate messenger functionality without detection. It utilizes a Redis database for command-and-control operations, representing a novel approach in Android malware. The backdoor monitors clipboard contents and collects device information, sending data to attackers every three minutes while disguising its activities.

AppWizard

October 24, 2025

Baohuo Android Malware Hijacks Telegram Accounts via Fake Telegram X

A new Android malware, identified as Android.Backdoor.Baohuo.1.origin, is disguised as counterfeit versions of the messaging app Telegram X. It has been labeled as one of the most sophisticated Android backdoors this year. The malware is distributed through online advertisements promising enhanced features and connects to remote servers to grant attackers full control over the user’s Telegram account. It can conceal unauthorized logins, erase chat traces, and manipulate app behavior in real-time using the Xposed framework. Over 58,000 devices have been infected, primarily in India, Brazil, and Indonesia. Baohuo communicates directly with a Redis database for command-and-control, allowing seamless operation even if primary servers are down. It can intercept clipboard data and perform regular check-ins on user activity. The malware has been found in third-party app stores, falsely attributed to Telegram’s developer. Users are advised to download Telegram only from official sources.

AppWizard

October 17, 2025

What Is XChat? Musk’s Private Messaging App With Blockchain-Style Encryption

XChat is an encrypted messaging and calling feature integrated into X (formerly Twitter), designed to enhance user privacy and functionality. It offers end-to-end encryption, self-destructing messages, versatile file sharing, and cross-platform audio and video calls without requiring a phone number for registration. Currently in beta testing for select paid subscribers, XChat aims to transform X into an “everything app” similar to WeChat, combining social networking, messaging, payments, and more while prioritizing user privacy. Developed using Rust, it employs public-key cryptography and may incorporate blockchain-inspired techniques for enhanced security. The platform seeks to merge social interaction with private communication and commerce, allowing for anonymous engagement. Challenges include ensuring reliable encryption, addressing metadata leaks, and gaining user trust to transition from established messaging apps.