disguise Archives

AppWizard

February 25, 2026

Best Android game and app deals for Galaxy 26 pre-order day: Agent A, Down in Bermuda, more

Pre-orders for the Galaxy S26 series, including the Galaxy S26, Galaxy S26+, and Galaxy S26 Ultra, have started. Customers can save up to 0, receive off accessories, and get complimentary Galaxy Buds. Notable discounted Android games include "Agent A: A Puzzle in Disguise" and "Down in Bermuda." Additional offers include free credit towards accessories, up to 0 in trade-in value primarily for the S26 Ultra, and up to 0 off Galaxy S26 devices. More details are available on Samsung's official site.

Winsage

February 24, 2026

Windows 11 Has 4 Powerful Features Most Users Never Turn On (But Should)

Microsoft's Windows 11 includes several built-in features that enhance usability and system management, which can be activated by users: 1. Clipboard History: Allows users to retain multiple copied items and access them with Win + V. To enable, go to Settings > System > Clipboard and toggle on Clipboard history. 2. Snap Layouts: Provides predefined window arrangements for better organization of applications. To ensure it's enabled, go to Settings > System > Multitasking and turn on Snap windows. 3. Show File Extensions: Displays full file names including extensions for better identification of file types. To enable, open File Explorer, select View > Show > File name extensions. 4. Storage Sense: Automates the removal of temporary files and manages storage space. To enable, go to Settings > System > Storage and toggle on Storage Sense. 5. "God Mode": Creates a folder that centralizes access to various administrative tools and settings. To enable, create a new folder on the desktop and rename it to GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}. These features are built into Windows 11 and do not require third-party applications.

AppWizard

February 19, 2026

Massiv: When your IPTV app terminates your savings

Massiv is an Android banking Trojan that disguises itself as legitimate applications, primarily targeting users in southern Europe. It is distributed through side-loading and is capable of remote control over infected devices, enabling Device Takeover attacks that can lead to unauthorized banking transactions. Massiv often masquerades as IPTV applications to attract users seeking online television services. The malware employs overlay functionality to create deceptive screens, keylogging to capture sensitive information, and SMS/Push message interception. It can monitor applications on infected devices and present fake overlays to prompt users for sensitive data. Notably, it has targeted the Portuguese government application gov.pt and connects with Chave Móvel Digital, a digital authentication system, to access victims' banking accounts. Once it captures sensitive data, Massiv allows operators remote access to the device using Android’s AccessibilityService, facilitating real-time observation and manipulation of the user interface. It communicates over a WebSocket channel and supports screen streaming and UI-tree modes for enhanced control. Massiv's distribution includes malware droppers that initially do not contain malicious code but open a WebView to an IPTV website while the actual malware operates in the background. This tactic has increased in recent months, particularly in Spain, Portugal, France, and Turkey. Indicators of compromise include specific SHA-256 hashes and package names associated with the malware. The bot commands allow operators to perform various actions on the infected device, such as clicking coordinates, installing APKs, and showing overlays.

Tech Optimizer

February 10, 2026

AKDAN Malware Hunters blocks new malware that are difficult to detect with existing Antivirus with ‘AKDAN HALL’

AKDAN Malware Hunters has launched the AKDAN HALL PED, a security solution that detects and neutralizes unknown document-based malware in 0.27 seconds, achieving a 99% success rate against emerging threats. This technology uses Pre-Execution Detection (PED) and a virtual "hypnosis" environment to analyze potentially malicious behavior, differing from traditional antivirus software that relies on known threat databases. CEO Sean Jeon, with over 15 years in cybersecurity, emphasizes the need for proactive measures as 91% of cyberattacks start via email, often using document-based malware. The AKDAN HALL product line includes a cloud-based agent for personal use and the AKDAN HALL Mini, a compact server for sensitive environments, both designed to complement existing antivirus solutions. The company has received support from the Initial Startup Package program at Seoul National University of Science and Technology and plans to expand into the Japanese market.

Winsage

January 7, 2026

Hackers Use Fake Windows BSOD To Spread Malware

Security researchers have identified a social engineering campaign that mimics the Windows Blue Screen of Death (BSOD) to deceive users into installing a remote access Trojan (RAT). The campaign, named PHALT#BLYX, begins with phishing emails that appear to be legitimate cancellation notices from travel websites, leading victims to a fake login page and an interactive CAPTCHA. This culminates in a full-screen imitation of the BSOD, prompting users to follow instructions that ultimately allow attackers to gain control of their computers. The attackers use a “ClickFix” process that involves executing commands through native Windows tools like PowerShell and MSBuild, making detection more challenging. The malware delivered is an obfuscated version of DCRat, which provides attackers with remote control capabilities, keylogging, and the ability to download additional malware. The campaign primarily targets hotels and hospitality businesses in Europe, exploiting the urgency of front-desk staff to respond to apparent technical issues. Indicators of a fake BSOD include the ability to interact with the screen, requests to execute commands via Windows tools, and the presence of CAPTCHA prompts. Organizations are advised to train employees, implement application control, enhance email and web defenses, and prepare for incident response to mitigate risks associated with such attacks.

AppWizard

January 3, 2026

2025 was so stacked with great games I missed the free, ass-kicking Christmas update to its best singleplayer shooter

Cultic has received significant acclaim as one of the best shooters of 2025, praised for its high-level execution. The game launched a holiday update called "Cultmas," which introduced a bonus map titled "I'll Be Home For Cultmas," featuring new weapons and a fresh enemy type. The update also included optimization tweaks and balance adjustments, notably overhauling burn damage mechanics. Cultic and its Complete Edition are available for purchase on Steam, and players can access the Cultmas map from the "new game" menu without needing the second chapter, released as DLC in 2025.

AppWizard

December 22, 2025

Out of all the new games I’ve played in 2025, Grounded 2 deserves a special nod simply because it makes me like a genre that I really don’t like: multiplayer survival

Over the past year, 32 new gaming titles were released, with Grounded 2 emerging as a favorite. The game builds on its predecessor, which was played for over 110 hours, and emphasizes adventure and teamwork without competitive pressure. Players can engage in cooperative resource gathering or solo missions, fostering enjoyable experiences. Grounded 2 features awe-inspiring moments and rewards fun over competition, making it popular among families. It is currently in early access, with a full version expected by the end of 2026, allowing for ongoing content updates. The game has reshaped the author's perspective on multiplayer gaming, highlighting its non-competitive appeal.

AppWizard

December 22, 2025

Frogblight Malware Targets Android Users With Fake Court and Aid Apps

A new Android-based Trojan named Frogblight is targeting mobile users in Turkiye to steal funds from bank accounts. Identified by Kaspersky's Securelist in August 2025, it spreads through smishing, where scammers send deceptive SMS messages about legal court cases or financial aid. These messages often include links to download malicious applications disguised as legitimate support tools. The malware, which can conceal itself and deactivate on simulated devices or within the U.S., requests extensive permissions to access SMS messages and device storage. Once installed, it opens a legitimate government website to appear credible and injects JavaScript to record keystrokes during banking logins. Recent versions have added keylogging, contact list theft, and private call log collection. The malware has evolved to disguise itself as the Google Chrome browser and other tools, and its source code is available on GitHub, indicating it may be marketed as malware-as-a-service. Kaspersky advises users to avoid downloading APK files from untrusted sources and to scrutinize app permission requests.

Tech Optimizer

December 18, 2025

Chinese hackers fake Teams downloads in false flag ploy

A cybersecurity investigation by ReliaQuest has revealed that a Chinese state-linked hacking group, Silver Fox (also known as Void Arachne), is using search engine optimization tactics to create a counterfeit Microsoft Teams download site at "teamscn[.]com." This site targets Chinese-speaking users and employs a typo-squatting strategy. Victims attempting to download the software receive a trojanized installer labeled "Setup.exe," which checks for the presence of antivirus software and executes obfuscated PowerShell commands to modify Windows Defender exclusion lists. The malware also drops a file named "Verifier.exe" and installs a functional version of Microsoft Teams to disguise its activities. The compromised system communicates with the domain "Ntpckj[.]com" to deliver the ValleyRAT payload, allowing remote access for data exfiltration and command execution. Silver Fox is linked to both state-sponsored espionage and financially motivated activities, having previously conducted similar SEO poisoning campaigns. The campaign primarily targets Chinese-speaking personnel in global organizations, particularly those with ties to China, and poses a significant risk to organizations lacking robust security measures. Security teams are advised to enhance logging and monitoring practices to detect suspicious activities.

Winsage

December 3, 2025

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has addressed a long-standing security vulnerability, identified as CVE-2025-9491, which has been exploited since 2017. This vulnerability involves a misinterpretation issue within Windows Shortcut (LNK) files, potentially allowing remote code execution. The flaw was highlighted in the November 2025 Patch Tuesday updates, with a CVSS score of 7.8/7.0. It allows crafted .LNK files to obscure harmful content, making it invisible to users, thus enabling attackers to execute code under the current user's context. The vulnerability was exploited by various state-sponsored groups, including those from China, Iran, North Korea, and Russia, for data theft and espionage. Microsoft initially deemed the flaw not warranting immediate attention, citing user interaction requirements and existing system warnings. Subsequent investigations revealed its exploitation by cyber espionage groups, including XDSpy and China-affiliated actors targeting European entities. The recent patch aims to ensure that the entire Target command is displayed in the Properties dialog, while 0patch provides warnings for LNK files exceeding 260 characters.