disguise

Tech Optimizer
July 3, 2026
Cybercriminals are using a sophisticated method to bypass security measures by embedding malware within the VLC media player. This campaign exploits VLC to install ValleyRAT, a remote access trojan, through phishing emails that contain links to download a seemingly harmless file. Once the file is opened, it activates a hidden backdoor that evades detection by antivirus solutions. The malware has been active since 2023, with a significant increase in activity noted through 2025 and into 2026, particularly targeting Chinese and Japanese-speaking users. The infection process begins when a victim clicks a link in a phishing email, leading to a ZIP archive containing a disguised executable and a malicious DLL (libvlc.dll). The executable mimics a legitimate VLC file, and when executed, it loads the DLL, allowing the malware to run under the guise of VLC. The malware establishes persistence by creating a registry entry and connects to a remote server to retrieve the final payload. ValleyRAT employs evasion tactics to avoid detection, such as performing checks on system behavior and using a fileless approach to inject its payload directly into memory, avoiding storage on disk. Researchers recommend training employees to recognize suspicious filenames and deploying endpoint detection tools to identify DLL sideloading behavior. For organizations affected by this campaign, isolating compromised systems and reviewing security logs are critical initial steps. Indicators of compromise include a malicious email domain, a ZIP archive containing a fake VLC executable, and a download URL for ValleyRAT.
Winsage
June 28, 2026
Microsoft shares rose 5.71% to close at €327.90 on Friday, recovering from a 52-week low of €307.10 earlier that day. The company reported revenue of €82.9 billion in its latest quarterly earnings, an 18% year-on-year increase, driven by cloud and AI services. On June 22, Chevron announced a 20-year power purchase agreement with Microsoft for approximately 2.67 gigawatts of capacity for a data center, with the first power delivery expected in 2028. Microsoft extended its Extended Security Updates program for Windows 10 home users by another year, pushing the final security patch deadline to October 2027. The stock's closing price is only 6.77% above its 52-week low, with a 50-day moving average at €352.96 and a 200-day average at €383.98. The relative strength index is at 43, indicating no strong momentum.
AppWizard
June 26, 2026
Meccha Chameleon is a game developed and published by lemorion_1224, priced at £5.29, that offers a unique twist on the hide-and-seek format through a camouflage mechanic using hand-painted designs. Players transform featureless marble figures into parts of the environment using a brush and eyedropper tool during the hiding phase. The game emphasizes creativity and strategy, challenging players to manipulate visual perception to remain undetected. It was created by a small team of two developers, which has led to some production limitations, such as collision issues and a simplistic user interface. Despite these challenges, the game's handmade quality adds charm and encourages players to embrace its imperfections.
AppWizard
June 26, 2026
Meccha Chameleon, a multiplayer hide-and-seek game launched on Steam, has sold seven million copies shortly after its release, achieving this milestone just two days after announcing five million sales. In comparison, Resident Evil Requiem took two months to reach the same figure. The game allows players to disguise themselves as objects in their environment, fostering quick thinking and creativity. It is priced at .99 and does not include microtransactions, offering a full experience reminiscent of earlier gaming eras. The success of Meccha Chameleon highlights a trend towards smaller, accessible games in a market increasingly dominated by larger titles.
Winsage
June 12, 2026
OnyxC2 is a sophisticated credential stealer available for a subscription fee of 0 per month, distributed through disguised lures such as fake Windows updates and legitimate software installers. It functions as a commercial product with features like an automated payload builder, tiered licensing, and a centralized web dashboard. The malware boasts a 99% detection-evasion rate, successfully evading major antivirus solutions during tests. It is developed in C++, utilizing direct system calls and mutating with each build to avoid detection. OnyxC2 collects data from around 210 applications, targeting 45 web browsers, password managers, cryptocurrency wallets, and FTP clients. The malware is delivered using DLL sideloading, where a password-protected archive contains a legitimate application and a malicious DLL. The attacker's DLL is disguised by inflating its size and is loaded by a trusted binary. The malicious code remains encrypted on disk and decrypts in memory to evade analysis. OnyxC2 communicates with a Cloudflare-fronted command-and-control server to manage infected hosts and execute commands like hardware registration and cookie uploads. The threat extends to business environments, targeting FTP and email clients, with stolen session cookies allowing ongoing access to corporate infrastructure. Implementing anti-data exfiltration controls is recommended as a mitigation strategy.
AppWizard
June 9, 2026
Old-school gaming consoles are seeing a resurgence, but hackers are exploiting this trend with a malware campaign called "WeedHack," which emerged in January. This malware operates on a "Malware-as-a-Service" model, allowing users to purchase it to infect victims. WeedHack functions as a remote access infostealer, compromising computers to manipulate screens, access webcams, and steal sensitive data. It propagates by enticing users with unofficial "Minecraft" mods and clients, often using videos and download links as bait. Additionally, it employs "SEO poisoning" to promote fake websites as legitimate sources for these mods on platforms like Discord and Reddit. WeedHack disguises itself as a JAR file, similar to the official "Minecraft" client, and once executed, it installs its payload from Ethereum server domains. It can insert itself into antivirus exclusion lists, evading detection, and McAfee's tests show that Windows Defender is ineffective against it. The malware collects extensive information, including Wi-Fi networks and browser cookies, and grants hackers complete control over infected computers. The WeedHack virus serves as both malware and a training ground for aspiring hackers, structured into two tiers: a free version with core capabilities and a paid subscription for advanced features. A community has formed around WeedHack, offering tutorials, a Discord server, and a website for feature requests and custom payload creation. This community aspect lowers the barrier for newcomers, particularly targeting a younger audience that may not understand online safety.
Tech Optimizer
June 6, 2026
Researchers have identified a new malware called JS.MonoGlyphRAT, which disguises itself as business documents to infiltrate corporate networks. It is primarily spread through phishing emails targeting various sectors in the U.S. and has been reported in countries like Germany, Sweden, and Australia. The malware is classified as "Unknown malware" on threat intelligence platforms, making traditional antivirus solutions ineffective. It establishes a persistent presence in the network by executing a JavaScript file and communicating with command-and-control (C2) servers over HTTP. Key indicators of compromise include unusual HTTP traffic, registry changes, and the execution of specific JavaScript files. The malware can download additional payloads and execute commands without leaving traces on disk. Indicators of compromise include specific IP addresses, URLs, file hashes, and registry keys associated with the malware's operation.
AppWizard
June 3, 2026
The "Minecraft" community is facing a cybersecurity threat from a malware operation called WeedHack, which disguises itself as fake mods to lure players into downloading it. This operation, run by a teenager, has affected over 116,000 players and uses social engineering tactics to distribute malicious mods, cheats, and clients. WeedHack spreads through trusted channels, including YouTube, and employs search engine optimization poisoning to mislead users. The malware operates by disseminating malicious Java Archive files that appear legitimate, compromising devices to extract sensitive information such as session IDs, browser cookies, and cryptocurrency wallet data. It can also steal credentials for applications like Discord, Steam, and Telegram, and includes remote control features for surveillance and keylogging. Approximately 2,000 new infections occur daily, primarily affecting users in the United States, Germany, India, the United Kingdom, and Italy. The low cost of access to this malware has led to its use by teenagers for online bullying and harassment.
AppWizard
May 19, 2026
In Elway Manor, a master thief uses the Vistara Diamond to detect guards and navigates security measures while executing a heist. The game, Thick As Thieves, is set in an alternate early 1900s Scottish city, Kilcairn, where players aim to join the Thieves' Guild. It features two launch maps with dynamic security layouts and three difficulty levels. Stealth mechanics are crucial, with players utilizing various gadgets from the Black Market. The game has shifted to a cooperative format, allowing players to team up. After about ten hours of gameplay, some repetition may occur, but the experience remains polished with quick load times and smooth performance. The game is priced modestly, promising future content from OtherSide Entertainment.
Search