disguise Archives

Tech Optimizer

February 10, 2026

AKDAN Malware Hunters blocks new malware that are difficult to detect with existing Antivirus with ‘AKDAN HALL’

AKDAN Malware Hunters has launched the AKDAN HALL PED, a security solution that detects and neutralizes unknown document-based malware in 0.27 seconds, achieving a 99% success rate against emerging threats. This technology uses Pre-Execution Detection (PED) and a virtual "hypnosis" environment to analyze potentially malicious behavior, differing from traditional antivirus software that relies on known threat databases. CEO Sean Jeon, with over 15 years in cybersecurity, emphasizes the need for proactive measures as 91% of cyberattacks start via email, often using document-based malware. The AKDAN HALL product line includes a cloud-based agent for personal use and the AKDAN HALL Mini, a compact server for sensitive environments, both designed to complement existing antivirus solutions. The company has received support from the Initial Startup Package program at Seoul National University of Science and Technology and plans to expand into the Japanese market.

Winsage

January 7, 2026

Hackers Use Fake Windows BSOD To Spread Malware

Security researchers have identified a social engineering campaign that mimics the Windows Blue Screen of Death (BSOD) to deceive users into installing a remote access Trojan (RAT). The campaign, named PHALT#BLYX, begins with phishing emails that appear to be legitimate cancellation notices from travel websites, leading victims to a fake login page and an interactive CAPTCHA. This culminates in a full-screen imitation of the BSOD, prompting users to follow instructions that ultimately allow attackers to gain control of their computers. The attackers use a “ClickFix” process that involves executing commands through native Windows tools like PowerShell and MSBuild, making detection more challenging. The malware delivered is an obfuscated version of DCRat, which provides attackers with remote control capabilities, keylogging, and the ability to download additional malware. The campaign primarily targets hotels and hospitality businesses in Europe, exploiting the urgency of front-desk staff to respond to apparent technical issues. Indicators of a fake BSOD include the ability to interact with the screen, requests to execute commands via Windows tools, and the presence of CAPTCHA prompts. Organizations are advised to train employees, implement application control, enhance email and web defenses, and prepare for incident response to mitigate risks associated with such attacks.

AppWizard

January 3, 2026

2025 was so stacked with great games I missed the free, ass-kicking Christmas update to its best singleplayer shooter

Cultic has received significant acclaim as one of the best shooters of 2025, praised for its high-level execution. The game launched a holiday update called "Cultmas," which introduced a bonus map titled "I'll Be Home For Cultmas," featuring new weapons and a fresh enemy type. The update also included optimization tweaks and balance adjustments, notably overhauling burn damage mechanics. Cultic and its Complete Edition are available for purchase on Steam, and players can access the Cultmas map from the "new game" menu without needing the second chapter, released as DLC in 2025.

AppWizard

December 22, 2025

Out of all the new games I’ve played in 2025, Grounded 2 deserves a special nod simply because it makes me like a genre that I really don’t like: multiplayer survival

Over the past year, 32 new gaming titles were released, with Grounded 2 emerging as a favorite. The game builds on its predecessor, which was played for over 110 hours, and emphasizes adventure and teamwork without competitive pressure. Players can engage in cooperative resource gathering or solo missions, fostering enjoyable experiences. Grounded 2 features awe-inspiring moments and rewards fun over competition, making it popular among families. It is currently in early access, with a full version expected by the end of 2026, allowing for ongoing content updates. The game has reshaped the author's perspective on multiplayer gaming, highlighting its non-competitive appeal.

AppWizard

December 22, 2025

Frogblight Malware Targets Android Users With Fake Court and Aid Apps

A new Android-based Trojan named Frogblight is targeting mobile users in Turkiye to steal funds from bank accounts. Identified by Kaspersky's Securelist in August 2025, it spreads through smishing, where scammers send deceptive SMS messages about legal court cases or financial aid. These messages often include links to download malicious applications disguised as legitimate support tools. The malware, which can conceal itself and deactivate on simulated devices or within the U.S., requests extensive permissions to access SMS messages and device storage. Once installed, it opens a legitimate government website to appear credible and injects JavaScript to record keystrokes during banking logins. Recent versions have added keylogging, contact list theft, and private call log collection. The malware has evolved to disguise itself as the Google Chrome browser and other tools, and its source code is available on GitHub, indicating it may be marketed as malware-as-a-service. Kaspersky advises users to avoid downloading APK files from untrusted sources and to scrutinize app permission requests.

Tech Optimizer

December 18, 2025

Chinese hackers fake Teams downloads in false flag ploy

A cybersecurity investigation by ReliaQuest has revealed that a Chinese state-linked hacking group, Silver Fox (also known as Void Arachne), is using search engine optimization tactics to create a counterfeit Microsoft Teams download site at "teamscn[.]com." This site targets Chinese-speaking users and employs a typo-squatting strategy. Victims attempting to download the software receive a trojanized installer labeled "Setup.exe," which checks for the presence of antivirus software and executes obfuscated PowerShell commands to modify Windows Defender exclusion lists. The malware also drops a file named "Verifier.exe" and installs a functional version of Microsoft Teams to disguise its activities. The compromised system communicates with the domain "Ntpckj[.]com" to deliver the ValleyRAT payload, allowing remote access for data exfiltration and command execution. Silver Fox is linked to both state-sponsored espionage and financially motivated activities, having previously conducted similar SEO poisoning campaigns. The campaign primarily targets Chinese-speaking personnel in global organizations, particularly those with ties to China, and poses a significant risk to organizations lacking robust security measures. Security teams are advised to enhance logging and monitoring practices to detect suspicious activities.

Winsage

December 3, 2025

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has addressed a long-standing security vulnerability, identified as CVE-2025-9491, which has been exploited since 2017. This vulnerability involves a misinterpretation issue within Windows Shortcut (LNK) files, potentially allowing remote code execution. The flaw was highlighted in the November 2025 Patch Tuesday updates, with a CVSS score of 7.8/7.0. It allows crafted .LNK files to obscure harmful content, making it invisible to users, thus enabling attackers to execute code under the current user's context. The vulnerability was exploited by various state-sponsored groups, including those from China, Iran, North Korea, and Russia, for data theft and espionage. Microsoft initially deemed the flaw not warranting immediate attention, citing user interaction requirements and existing system warnings. Subsequent investigations revealed its exploitation by cyber espionage groups, including XDSpy and China-affiliated actors targeting European entities. The recent patch aims to ensure that the entire Target command is displayed in the Properties dialog, while 0patch provides warnings for LNK files exceeding 260 characters.

AppWizard

November 27, 2025

Shueisha Games announces ‘casual non-verbal social deduction action game’ VIVA NOBOTS for PC

Shueisha Games has announced the casual non-verbal social deduction action game VIVA NOBOTS, set to launch on PC via Steam in spring 2026, supporting English and Japanese languages. An open beta playtest will take place from December 12 to 18. In VIVA NOBOTS, players act as humans disguised as excavation robots to infiltrate ancient ruins and collect treasures while avoiding detection. Key features include stealing treasures, exposing rival players using the Doubt Gun, and escaping after securing loot. A new humanoid security bot called the "Android" has been introduced, along with a mega-jackpot feature called "GODPOT." Future updates will include cooperative and VS modes and avatar type changes. Trailers and gameplay highlights are available in both English and Japanese.

AppWizard

November 26, 2025

Android users warned to delete these fake apps after Google alarm

Android users are facing a threat from counterfeit VPN applications that disguise themselves as privacy-enhancing tools but contain malware capable of compromising personal information and security. These fake VPNs mimic reputable brands and use misleading advertisements to appear legitimate. Once installed, they can steal passwords, messages, and financial data, and may even lock devices with ransomware. Google advises users to download VPNs only from trusted sources, look for verification badges, review app permissions, be cautious of free offers, research developers, and avoid scare tactics in marketing. Legitimate VPNs should not request access to personal contacts or photos and should only require network-related permissions.

Winsage

November 25, 2025

Attackers are Using Fake Windows Updates in ClickFix Scams

Threat actors have adapted the ClickFix attack model, using a fraudulent Windows Update screen to disguise malicious code. This screen mimics the legitimate Windows Update interface and prompts users to execute harmful commands. The execution of these commands leads to the installation of LummaC2 and Rhadamanthys info-stealing malware. A report from ESET noted a 500% increase in ClickFix attacks, which now account for nearly 8% of all blocked attacks in early 2025. Huntress researchers tracked ClickFix lures that used steganography to deliver LummaC2 and Rhadamanthys malware, concealing malicious software within image files. The attacks involve a full-screen display that instructs users not to turn off their computers, ultimately prompting them to paste a malicious command. The execution process includes using mshta.exe and PowerShell to load and inject malicious assemblies. European law enforcement recently dismantled infrastructure used by threat actors, but Rhadamanthys is no longer distributed through the fraudulent Windows Update campaign. The use of steganography helps these payloads evade detection while relying on victims to manually execute commands.