encrypted communication Archives

AppWizard

December 19, 2025

X introduces standalone messaging app X Chat

X is developing a dedicated messaging platform called X Chat, currently in testing, which will allow users to access direct messages from their desktop independently of the main platform. A standalone web app for X Chat has been released, enabling non-X users to connect with friends and family. Additionally, X is planning to develop a mobile app for X Chat to compete with messaging services like WhatsApp and Messenger. This initiative is part of Elon Musk's vision to transform X into an 'everything app' similar to China's WeChat. The platform is also seeking regulatory approvals for payment services that may integrate with its messaging features.

AppWizard

November 30, 2025

Russian censorship agency threatens total block of WhatsApp citing terror links

Roskomnadzor, Russia's media regulator, has warned WhatsApp that it could be blocked unless it complies with local laws, citing concerns about the platform's use for terrorist activities and fraud. The agency highlighted WhatsApp's end-to-end encryption as an obstacle for law enforcement. Since August, Roskomnadzor has implemented gradual restrictions, including blocking voice calls and instructing telecom operators to stop text message verifications for new users, with a complete ban possible if compliance is not met. The regulator has suggested users switch to domestic alternatives, such as the state-backed MAX messaging app. WhatsApp has around 97 million users in Russia and has faced increasing scrutiny amid a broader crackdown on foreign messaging services. The company has reiterated its commitment to end-to-end encryption but has not publicly responded to Roskomnadzor's latest threats.

AppWizard

November 26, 2025

Hackers Bypass Signal, Telegram And WhatsApp Encryption To Read Messages

CISA has issued a warning about spyware targeting users of instant messaging applications, particularly highlighting the Sturnus trojan, which poses significant risks to Android smartphone users. Sturnus, identified as a banking trojan, can bypass encrypted messaging by capturing messages after they are decrypted on the smartphone screen, rather than cracking the encryption itself. Security expert Aditya Sood noted that Sturnus uses a combination of plaintext, RSA, and AES-encrypted communication, complicating detection efforts. The trojan can read everything displayed on the smartphone screen in real time, including sensitive messages and contacts. CISA also identified tactics used by cyber threat actors, such as phishing, zero-click exploits, and impersonation to gain unauthorized access to messaging apps. Users are advised to keep Google’s Play Protect activated, avoid unauthorized app stores, and be cautious with accessibility permissions to protect against these threats.

AppWizard

November 21, 2025

EAGLE Security UNLIMITED For Android

EAGLE Security UNLIMITED is a mobile application designed to protect users' personal information from privacy violations, rated 4.4 stars from over 1,000 reviews. It addresses threats such as spyware, IMSI catchers, and legal wiretapping. The app allows users to review installed applications, monitor suspicious connections, and promotes encrypted communication tools. It is priced at USD 5.49 and developed by Int64, compatible with various Android devices.

AppWizard

October 24, 2025

New Python Remote-Access Trojan Disguised as Minecraft App Steals Files

A new Python-based remote-access trojan (RAT) has been discovered, targeting gamers by impersonating the legitimate “Nursultan Client” application used by Eastern European Minecraft players. It utilizes the Telegram Bot API for command-and-control operations, allowing attackers to exfiltrate sensitive data and control systems on Windows, Linux, and macOS. The malware employs deceptive installation screens and manipulates the Windows registry to appear as legitimate software, but its persistence mechanism is flawed, failing to survive system reboots. It contains hardcoded credentials, enabling specific attacker control, and can perform functions like system reconnaissance, data theft, and remote surveillance, particularly targeting Discord authentication tokens. The RAT can capture screenshots and activate webcams, sending this information through the Telegram API, which complicates detection. It also has adware-like features that display URLs and images on victims' systems. Researchers believe this malware is part of a Malware-as-a-Service ecosystem, and its signature is identified as QD:Trojan.GenericKDQ.F8A018F2A0 by Netskope’s Advanced Threat Protection.

AppWizard

October 21, 2025

Elon Musk Takes A Dig At Signal, The Messenger’s President Hits Back

Several major platforms, including Snapchat, Signal Messenger, and Duolingo, experienced an unexpected outage that frustrated users. Elon Musk expressed diminished trust in Signal, prompting a defense from Signal's President, Meredith Whittaker, who highlighted the platform's reputation for privacy and security. Signal's centralized system does not compromise encrypted communications, as it does not retain keys to the encrypted data. Musk is promoting X Chat as a secure alternative in the messaging landscape, with plans to enhance user confidence through a simplified verification process. Signal has faced criticism over operational issues, and Musk's comments suggest he aims to position X Chat as a competitor to Signal and other messaging platforms.

AppWizard

October 10, 2025

Potential EU law sparks global concerns over end-to-end encryption for messaging apps

The European Union is set to vote on October 14 regarding the "Chat Control" proposal, which aims to use AI or human oversight to detect child sexual abuse material on devices. Privacy advocates warn that this initiative would require access to the contents of messaging platforms like Signal, Telegram, WhatsApp, and Threema before encryption, threatening the integrity of encrypted communications. Critics argue it could create backdoors for malicious actors, compromising the safety of users such as journalists and domestic abuse victims. The Chaos Computer Club and U.S.-based privacy organizations oppose the proposal, highlighting its potential to inspire similar measures globally and undermine encryption standards. The Danish proposal suggests using AI for content scanning, with an emphasis on evaluating its effectiveness and impact on fundamental rights, but lacks clarity on safeguards for end-to-end encrypted services.

Tech Optimizer

October 7, 2025

New Fully Undetectable FUD Android RAT Discovered and Publicly Released for Download on GitHub

A new Android Remote Access Trojan (RAT) has appeared on GitHub, described as fully undetectable and capable of bypassing advanced permission and background process restrictions in customized Chinese ROMs like MIUI and EMUI. This malware utilizes a multi-layer dropper to integrate its payload within legitimate applications, allowing it to overcome autostart restrictions and battery optimization features. Upon installation, it escalates privileges to gain comprehensive access to the device, using AES-128-CBC encryption for command-and-control communication to evade detection. The RAT can record and delete call logs, intercept voice calls, manipulate SMS messages, and capture keystrokes through a keylogger. It also has capabilities for live screen captures, camera access, audio and video recording, and clipboard hijacking. Additionally, it can encrypt files and lock the device, demanding a ransom for access. The malware employs social engineering tactics, such as spoofed notifications and phishing prompts, to facilitate credential theft. Its persistence mechanisms allow it to operate with minimal resource usage, making detection difficult. The attacker interface is web-based, enabling control from any standard browser without specialized infrastructure. The public release of this RAT raises concerns about the misuse of open-source repositories for distributing malicious tools, prompting calls for stricter oversight on platforms like GitHub.

AppWizard

October 2, 2025

Signal Messenger Impersonated in ‘ProSpy’ Android Spyware Campaign

ESET researchers have identified two Android spyware campaigns, ProSpy and ToSpy, which masquerade as secure messaging apps, Signal and ToTok. These malware families were first detected in June 2025 and are distributed through phishing websites and fake app marketplaces. ProSpy, which mimics a “Signal encryption plugin” or an enhanced ToTok, extracts sensitive user information, including SMS messages, contacts, and device metadata, after gaining permissions. It disguises itself as “Play Services” to avoid detection. ToSpy, discovered concurrently, seeks to capture specific files related to ToTok backups and collects various document types. Both malware types maintain long-term access to infected devices and have been reported to Google, resulting in Play Protect blocking their known variants. The main targets of these campaigns are users in the United Arab Emirates.

AppWizard

August 30, 2025

Google’s Android Lockdown: Are You Really In Control Of Your Phone?

On August 25, Google announced a policy change requiring all app developers to verify their identities before their applications can operate on certified Android devices, extending this requirement to all apps, including side-loaded ones. This policy allows Google to prevent users from running disapproved applications, raising concerns about user freedom and control over their devices. Google cites cybersecurity concerns, claiming that side-loaded apps have led to a significant increase in malware. The company aims to collect personal information from developers to enhance user security, despite criticisms regarding the effectiveness of this approach. Data breaches have become increasingly common, with notable incidents affecting millions, and identity theft costs Americans billions annually. The text discusses the potential of cryptography to enhance trust in digital interactions, highlighting technologies like PGP and concepts like webs of trust as solutions to secure identity verification. Alternative app stores and operating systems focused on user privacy are emerging as potential responses to the challenges posed by Google's policy.