domains Archives

AppWizard

May 12, 2026

TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps

TrickMo, an Android banking malware, has re-emerged with enhanced stealth and operational capabilities, targeting banking, fintech, wallet, and authenticator apps. It retains its core device takeover abilities while improving stealth, persistence, and flexibility. The malware persuades users to grant accessibility permissions, allowing full remote control, including real-time screen viewing. A significant advancement is its shift to The Open Network (TON) for command-and-control communication, complicating takedown efforts. TrickMo has been actively deployed in France, Italy, and Austria since early 2026, using fake login overlays to capture credentials while recording user activity. It communicates through .adnl endpoints within the TON network and employs DNS-over-HTTPS for encrypted DNS queries. The malware's modular design includes a primary application as a loader and a dynamically loaded APK module called “dex.module” for malicious capabilities. It features network reconnaissance and tunneling capabilities, allowing commands like HTTP probing and establishing SSH tunnels, which can bypass fraud detection systems. Dormant features suggest potential for future capabilities without altering the core application. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo's various components.

Winsage

May 11, 2026

Omnissa adds Windows Server management to Workspace ONE

Omnissa has integrated Windows Server management into its Workspace ONE Unified Endpoint Management (UEM) platform, allowing organizations to manage Windows Server alongside various endpoints from a single cloud-based system. This integration aims to address challenges faced by IT teams that rely on separate tools for server management, which can increase costs and complicate operations. The inclusion of Windows Server enables IT teams to apply policies, automate tasks, and maintain visibility across devices. Hemant Sahani, Vice President of Product Management at Omnissa, noted that this approach offers cost benefits compared to traditional solutions like Microsoft System Centre Configuration Manager, enhancing security and streamlining server lifecycle management. The new support includes over-the-air configuration management, allowing enforcement of security policies and automation of patching. Administrators will have access to remote inventory data and insights into system performance and security issues, leveraging AI and machine learning. The integration allows for the consolidation of management tools, reducing the number of consoles IT staff must navigate. CDW has endorsed this launch, highlighting its potential to simplify operations and improve security for customers. Omnissa currently serves 26,000 customers globally in various domains, including unified endpoint management and security compliance.

Winsage

May 11, 2026

Rustinel: Open-source endpoint detection for Windows and Linux

Open-source endpoint detection tools have typically been divided between Windows and Linux, with Windows solutions focused on Sysmon and Linux solutions on eBPF or auditd. Rustinel is a Rust-based endpoint agent that consolidates these efforts by gathering telemetry from both operating systems using ETW on Windows and eBPF on Linux, normalizing the data into a unified model. It evaluates the information against Sigma rules, YARA signatures, and atomic indicators of compromise, storing alerts in ECS-compatible NDJSON format for integration with SIEM or log-analysis platforms. Rustinel supports a range of events on Windows, including process creation, network activity, and PowerShell executions, while Linux support currently includes process, network, file, and DNS telemetry. It operates in user mode on both platforms, requiring specific conditions for installation. Unlike commercial EDR solutions that use kernel drivers, Rustinel's user-mode design prioritizes simplicity and stability, although it acknowledges limitations in tamper resistance and visibility. The agent utilizes three detection engines: Sigma for behavioral matching, YARA for scanning executables, and an IOC engine for deterministic checks. While it leverages existing content familiar to defenders, it has coverage gaps for certain advanced threats. Rustinel is available on GitHub under the Apache 2.0 license.

Tech Optimizer

May 9, 2026

Avast Free Antivirus: The Go-To Software for Millions of Users

Avast’s free antivirus software is popular among Windows users, known for its user familiarity, robust features, and solid reputation. Key features include real-time malware detection, Smart Scan for multiple checks, a web shield for online safety, behavior-based detection for suspicious activity, and a Wi-Fi Inspector for network vulnerabilities. The software offers reliable malware detection, a user-friendly interface, and advanced tools like ransomware protection and network scanning, but it has downsides such as frequent prompts for premium upgrades and potential performance dips during scans. Avast employs a dual protection approach with signature-based detection and behavioral analysis, checking files immediately upon access and quarantining suspicious ones. It includes web protection to block malicious domains and an Email Shield for harmful attachments. The software receives frequent updates to maintain effectiveness against new threats, leveraging a vast threat intelligence network for rapid response to emerging malware. The free version is suitable for basic tasks like browsing and email management, but users needing advanced features may consider upgrading. Installation should be done from the official website to avoid unwanted software, and an initial scan is conducted post-installation. Avast's longevity is attributed to user habit and trust, consistently performing well in independent tests. When compared to other free antivirus programs, Avast offers a more extensive range of features than some competitors, though it may be more complex. Users can optimize settings for better protection by enabling core shields, adjusting scan strategies, and managing privacy settings. Regular updates are crucial for maintaining effective protection.

Winsage

May 7, 2026

Publish to Microsoft Store as a company—now with free registration and faster onboarding

- The fee for company developer accounts on the Microsoft Store has been eliminated, allowing free account creation. - Developers can now sign up using their organization’s Microsoft Entra ID work account. - The onboarding process has been improved with a revamped flow that includes clearer requirements, real-time status updates, and automated verification checks. - Both Individual and Company accounts are now free to register. - Organizations are encouraged to have their D-U-N-S Number ready to expedite business verification. - If a D-U-N-S Number is unavailable, organizations can upload supporting documents for verification, which may take longer due to manual review. - Providing a business domain email address can help verify employment and speed up account approval. - Email notifications regarding verification status will be sent, and prompt responses can expedite the onboarding process. - Developers can publish a variety of app types on the Microsoft Store without modifying existing code, benefiting from secure discoverability and distribution capabilities. - Non-game apps can utilize their own in-app commerce systems while retaining 100% of revenue. - Organizations can begin the account creation process at storedeveloper.microsoft.com.

AppWizard

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

Cybersecurity researchers have identified a fraud operation named FEMITBOT that exploits Telegram’s Mini App feature to conduct various crypto scams, impersonate reputable brands, and distribute Android malware. This operation uses a unique string in API responses and employs Telegram bots with embedded Mini Apps to create convincing app-like experiences. The scams include fraudulent cryptocurrency platforms and financial services, with impersonation of brands like Apple, Coca-Cola, Disney, eBay, IBM, Moon Pay, NVIDIA, and YouKu. The operation utilizes a shared backend infrastructure, allowing multiple phishing domains to use the same API response. Users interacting with the bots are shown phishing pages within Telegram’s WebView, often featuring fake balances and urgency tactics to prompt deposits or referrals. Additionally, some Mini Apps attempt to distribute malware disguised as legitimate Android APKs. Users are advised to be cautious when engaging with Telegram bots related to cryptocurrency investments and to avoid sideloading APK files.

AppWizard

April 29, 2026

New Android spyware Morpheus linked to Italian surveillance firm

Morpheus is a new spyware identified by the nonprofit organization Osservatorio Nessuno, which spreads through counterfeit Android applications that appear as legitimate updates. Attackers use SMS messages to direct victims to a fraudulent website mimicking an Internet Service Provider (ISP). The spyware installs a dropper app that deploys a concealed payload, which disguises itself as legitimate system components and manipulates users into granting dangerous permissions, including Accessibility access. Once granted, Morpheus initiates a Permission Workflow that creates a fake update overlay, disabling the touchscreen to prevent user interaction. It ensures persistence by restarting after device reboots and can request device administrator privileges. The spyware exploits overlay windows and Accessibility features to gain control of the device and bypass security measures, including disabling antivirus solutions without requiring root access. Analysis suggests Morpheus has Italian origins, with connections to an Italian firm, IPS Intelligence, known for lawful interception technologies. The spyware is capable of invasive actions such as recording audio and video, linking to WhatsApp, and compromising device security. The report highlights a network of dubious companies and shared contacts linked to the spyware's distribution.

AppWizard

April 28, 2026

These 3 Android Apps Can Block Ads On Your Phone

Users are increasingly seeking effective solutions to enhance their browsing experience in digital advertising, with some opting for methods beyond traditional ad-blockers, such as configuring a private DNS server to filter ads at the system level. This method can face challenges, including certain applications circumventing settings and networks blocking custom DNS configurations, which may lead to connectivity issues. DNS-based ad-blocking can disrupt app functionality or create voids where ads would typically appear. NextDNS offers customizable blocklists for ad-blocking and functions as a customizable endpoint, requiring users to set it up through Android's native DNS settings. It provides a dashboard with parental controls, tracking protection, and analytics tools, free for up to 300,000 queries per month. AdLock focuses on system-wide ad-blocking across various platforms and requires users to download the APK and subscribe for use on multiple devices, starting at .05 per month. It does not allow ads to be displayed and includes a safety check feature for potential threats. Total AdBlock, developed by Total Security Limited, offers free and premium versions, with the premium version providing full functionality, including ad-blocking on YouTube. It has a high effectiveness score on the AdBlock Tester tool and includes features like content blocking and direct support access. The curated list of ad blockers targets options that do not require root access and are cost-effective, designed to operate at the device level for Android users, as the default Chrome browser does not support extensions. Trustworthiness and reputation were key factors in the selection process, focusing on maintaining a clean browsing experience without invasive tracking mechanisms.

Tech Optimizer

April 26, 2026

CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister

On April 21, 2026, compromised versions of pgserve (1.1.11, 1.1.12, and 1.1.13) were published on npm, containing a 1,143-line credential-harvesting script that executes during the postinstall phase of npm install. The malware functions as a supply-chain worm, reinjecting itself into other packages if it finds an npm publish token. Stolen credentials are encrypted using RSA-4096 and AES-256 and exfiltrated to a decentralized Internet Computer Protocol (ICP) canister. The last legitimate release was v1.1.10, published on April 17, 2026. The malware was detected by StepSecurity AI Package Analyst and Harden Runner, which flagged the compromised versions as Critical / Rejected and confirmed live exfiltration during analysis. The injected script performs operations such as harvesting environment variables, collecting filesystem secrets, encrypting payloads, and propagating to other npm packages and Python packages if a PyPI token is detected. The exfiltration domains have been added to a global block list.

AppWizard

April 25, 2026

GPT-5.5 topped a Minecraft building benchmark and the spatial reasoning implications go far beyond gaming

GPT-5.5 has achieved an xHigh tier result on VoxelBench, placing it at the top of a leaderboard that includes Grok 4.20 Beta, Kimi K2.5 Thinking, and Kimi K2.6. VoxelBench evaluates language models on their ability to construct three-dimensional voxel structures from text prompts, requiring models to translate verbal descriptions into precise 3D objects without images or post-processing. Human evaluators rated GPT-5.5's constructions higher than those of other models tested. Research indicates that producing spatially correct outputs is significantly more challenging than generating executable code, with geometric construction and multi-object composition being the hardest tasks. The MineBench Elo system, calibrated against skilled human Minecraft builders, shows that frontier models are approaching human-level spatial reasoning capabilities, which have implications for fields such as architecture and game development. The VoxelBench leaderboard reflects a competitive landscape where multiple models are achieving similar performance levels, indicating a shift in the AI benchmark landscape. GPT-5.5's results suggest that AI-assisted 3D design workflows may soon be viable, highlighting a transition from capability to integration challenges in the development of AI tools for design applications.