domain Archives

AppWizard

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

Cybersecurity researchers have identified a fraud operation named FEMITBOT that exploits Telegram’s Mini App feature to conduct various crypto scams, impersonate reputable brands, and distribute Android malware. This operation uses a unique string in API responses and employs Telegram bots with embedded Mini Apps to create convincing app-like experiences. The scams include fraudulent cryptocurrency platforms and financial services, with impersonation of brands like Apple, Coca-Cola, Disney, eBay, IBM, Moon Pay, NVIDIA, and YouKu. The operation utilizes a shared backend infrastructure, allowing multiple phishing domains to use the same API response. Users interacting with the bots are shown phishing pages within Telegram’s WebView, often featuring fake balances and urgency tactics to prompt deposits or referrals. Additionally, some Mini Apps attempt to distribute malware disguised as legitimate Android APKs. Users are advised to be cautious when engaging with Telegram bots related to cryptocurrency investments and to avoid sideloading APK files.

AppWizard

April 29, 2026

New Android spyware Morpheus linked to Italian surveillance firm

Morpheus is a new spyware identified by the nonprofit organization Osservatorio Nessuno, which spreads through counterfeit Android applications that appear as legitimate updates. Attackers use SMS messages to direct victims to a fraudulent website mimicking an Internet Service Provider (ISP). The spyware installs a dropper app that deploys a concealed payload, which disguises itself as legitimate system components and manipulates users into granting dangerous permissions, including Accessibility access. Once granted, Morpheus initiates a Permission Workflow that creates a fake update overlay, disabling the touchscreen to prevent user interaction. It ensures persistence by restarting after device reboots and can request device administrator privileges. The spyware exploits overlay windows and Accessibility features to gain control of the device and bypass security measures, including disabling antivirus solutions without requiring root access. Analysis suggests Morpheus has Italian origins, with connections to an Italian firm, IPS Intelligence, known for lawful interception technologies. The spyware is capable of invasive actions such as recording audio and video, linking to WhatsApp, and compromising device security. The report highlights a network of dubious companies and shared contacts linked to the spyware's distribution.

AppWizard

April 28, 2026

These 3 Android Apps Can Block Ads On Your Phone

Users are increasingly seeking effective solutions to enhance their browsing experience in digital advertising, with some opting for methods beyond traditional ad-blockers, such as configuring a private DNS server to filter ads at the system level. This method can face challenges, including certain applications circumventing settings and networks blocking custom DNS configurations, which may lead to connectivity issues. DNS-based ad-blocking can disrupt app functionality or create voids where ads would typically appear. NextDNS offers customizable blocklists for ad-blocking and functions as a customizable endpoint, requiring users to set it up through Android's native DNS settings. It provides a dashboard with parental controls, tracking protection, and analytics tools, free for up to 300,000 queries per month. AdLock focuses on system-wide ad-blocking across various platforms and requires users to download the APK and subscribe for use on multiple devices, starting at .05 per month. It does not allow ads to be displayed and includes a safety check feature for potential threats. Total AdBlock, developed by Total Security Limited, offers free and premium versions, with the premium version providing full functionality, including ad-blocking on YouTube. It has a high effectiveness score on the AdBlock Tester tool and includes features like content blocking and direct support access. The curated list of ad blockers targets options that do not require root access and are cost-effective, designed to operate at the device level for Android users, as the default Chrome browser does not support extensions. Trustworthiness and reputation were key factors in the selection process, focusing on maintaining a clean browsing experience without invasive tracking mechanisms.

AppWizard

April 26, 2026

Zenless Zone Zero coming to Steam later this year

Zenless Zone Zero is set to be released on PC in the second quarter of 2026, with a Steam page now available for pre-release tests and a goal of reaching 300,000 wishlists for a milestone event. The game received a mixed review score of 55% from Kerry Brunskill, who described it as a "shallow, polished front for a relentless online store." Developer MiHoYo, known for successful titles like Genshin Impact and Honkai: Star Rail, previously achieved 50 million downloads of Zenless Zone Zero within a week of its initial launch. There were speculations about a 40% chance of HoYoverse games coming to Steam due to concerns over revenue cuts, but the games have a strong following that may allow them to succeed without Steam. The Epic Games Store has faced criticism, and the release of Zenless Zone Zero may test its appeal compared to other storefronts.

Tech Optimizer

April 26, 2026

CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister

On April 21, 2026, compromised versions of pgserve (1.1.11, 1.1.12, and 1.1.13) were published on npm, containing a 1,143-line credential-harvesting script that executes during the postinstall phase of npm install. The malware functions as a supply-chain worm, reinjecting itself into other packages if it finds an npm publish token. Stolen credentials are encrypted using RSA-4096 and AES-256 and exfiltrated to a decentralized Internet Computer Protocol (ICP) canister. The last legitimate release was v1.1.10, published on April 17, 2026. The malware was detected by StepSecurity AI Package Analyst and Harden Runner, which flagged the compromised versions as Critical / Rejected and confirmed live exfiltration during analysis. The injected script performs operations such as harvesting environment variables, collecting filesystem secrets, encrypting payloads, and propagating to other npm packages and Python packages if a PyPI token is detected. The exfiltration domains have been added to a global block list.

Tech Optimizer

April 24, 2026

Fileless Malware and Email Authentication Gaps

Fileless malware operates stealthily within networks, utilizing legitimate system tools like PowerShell and Windows Management Instrumentation (WMI) to execute malicious code in memory without leaving traces on disk. Traditional antivirus solutions struggle to detect these threats due to their reliance on file signatures. The primary vector for fileless malware is email, where attackers use spoofed messages to trick users into activating malicious scripts. Misconfigurations in Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records create vulnerabilities that attackers exploit to deliver spoofed emails. Traditional endpoint protection mechanisms are inadequate against fileless attacks, necessitating a shift towards behavioral analysis for detection. Organizations must assess their preparedness by ensuring proper email authentication configurations and enhancing endpoint security capabilities. Integration among security teams and updated employee security awareness programs are also essential. Sendmarc helps organizations mitigate vulnerabilities by providing visibility into SPF, DKIM, and DMARC configurations and enforcing DMARC to block unauthenticated messages.

AppWizard

April 23, 2026

The 7th Guest Remake launches in June, bringing back one of the earliest PC CD-ROM games

PC CD-ROM drives led to the development of notable games like Myst, Star Wars: Rebel Assault, and The 7th Guest. Nintendo secured rights for The 7th Guest for a planned SNES CD add-on, which was never released. In 2023, The 7th Guest was re-released on the Nintendo eShop after three decades. Vertigo Games is remaking The 7th Guest, featuring reimagined puzzles and environments, with a scheduled launch on June 4th, priced at .99, available on PS5, Xbox Series, and PC, with a Nintendo Switch version expected later. Owners of The 7th Guest VR on Steam or PlayStation will access the remake for free, and those who purchase the remake on Steam or PS5 will receive The 7th Guest VR for free on Steam VR or PlayStation VR2.

Tech Optimizer

April 23, 2026

Everywhen issues six checks to spot unsafe websites

Everywhen has released guidelines to help organizations identify unsafe websites and combat online fraud. The guidance includes six checks users can perform before visiting unfamiliar sites: 1. Utilize website safety checker tools like Google Safe Browsing and Norton Safe Web. 2. Verify the site contains standard business information, such as contact details and social media links. 3. Conduct reputation checks by reviewing public feedback for complaints related to fraud or poor service. 4. Evaluate visual and editorial standards for indicators of illegitimacy, such as poor grammar or outdated branding. 5. Maintain updated antivirus software to block malicious downloads and phishing attempts. 6. Adjust browser settings to receive alerts about suspicious websites. The guidance highlights the importance of scrutinizing URLs for unusual spellings or characters and distinguishes between HTTP and HTTPS, noting that the padlock symbol does not guarantee trustworthiness. The initiative aims to protect both consumers and organizations from cyber threats, particularly as fake websites increasingly target personal information and financial transactions.

Winsage

April 22, 2026

I just found out the creator of Windows Task Manager accidentally left his phone number inside the app

Dave Plummer, the creator of the original Task Manager at Microsoft in the 1990s, encountered an issue where CPU utilization readings occasionally exceeded 100%, which he suspected was a bug in the kernel. Despite being a user interface designer and facing skepticism from the kernel team, he implemented 'asserts' in the code to diagnose the problem. One assertion specified that CPU usage should not exceed 100%, and he embedded his name and home phone number in the code for anyone who might encounter the issue. No one ever contacted him about the bug, and it remained unresolved until the kernel developers identified and fixed it later.

AppWizard

April 21, 2026

Trojanized Android App Fuels New Wave of NFC Fraud

A new variant of the NGate malware family has emerged, using a trojanized Android application to capture payment card data and personal identification numbers (PINs). This modified version of HandyPay, a legitimate NFC relay app, has been distributed since November 2025, primarily targeting users in Brazil. The malware intercepts NFC payment card data and allows fraudulent transactions. Two distinct malware samples have been observed, delivered through phishing infrastructure that impersonates a Brazilian lottery site and a Google Play listing for a card protection tool. The trojanized app captures NFC data, requests the victim's card PIN, and transmits this information to attacker-controlled infrastructure. It requires minimal permissions, leveraging its role as the default payment application to evade detection. Evidence suggests that generative AI tools may have been used in its development, indicated by emoji markers in debug logs. ESET has reported its findings to Google, and Google Play Protect can detect known versions of the malware. The developer of HandyPay is investigating the misuse of its application.