espionage Archives

AppWizard

April 3, 2026

Russia’s Messaging Tactics: Concerns Over State-Backed App MAX

The Kremlin is promoting MAX, a state-sponsored messaging application, to reduce foreign influence and address privacy concerns among Russians. This initiative coincides with a crackdown on internet freedoms and stringent regulations on foreign messaging platforms like Telegram, with the government framing MAX as essential for national security. Despite official support, many Russians are skeptical due to historical aversions to censorship and a preference for personal autonomy in digital communications. While some have begun using MAX, they still advocate for the right to choose their messaging services, emphasizing individual privacy over state mandates.

AppWizard

March 27, 2026

Guardian source messaging tech bringing in ‘much higher quality’ of tips

The Guardian's secure messaging technology, launched in June, has significantly improved the quality of tips from sources, utilizing advanced encryption techniques to ensure confidentiality. The app allows messages to vanish after 14 days and is designed to protect sources' anonymity better than many other encrypted services. It has been recognized as a finalist for a major award and has led to a notable increase in story tips, particularly from the U.S. and Australia, despite its primary user base being in the UK and Europe. The app operates independently of The Guardian's paywall, enabling non-paying users to submit tips freely. The platform encourages contributions from users who may have felt intimidated by other secure methods. The technology enhances communication quality and allows sources to provide context to existing stories. As of September, the app has one million daily active users, with features that obscure genuine communications among automated messages, contributing to source protection. The Guardian has invested in guiding sources on crafting effective tips and has made the secure messaging technology open source for other newsrooms to adopt, aiming to improve source protection across the industry. Collaborations with organizations like The Signals Network and the University of Cambridge are ongoing to gather feedback and enhance the technology further.

AppWizard

March 20, 2026

Join the circus and swing an election in Moves of the Diamond Hand, the RPG follow-up to Betrayal at Club Low, which hits PC early access in April

Moves Of The Diamond Hand will debut on Steam Early Access on April 13th. It is the successor to Betrayal At Club Low and will feature the first two chapters. The game introduces a "one city block RPG" concept, focusing on infiltrating the Circus X, a renowned circus and artist collective. Players will navigate challenges to secure membership while interacting with colorful characters and facing a mayoral election involving a clone of a deceased mayor. Dice mechanics will influence character stats and gameplay. A demo of the game was previously explored by Nic Reuben, who described it as hectic and disorientating. An update for the demo will be released alongside the early access announcement.

AppWizard

March 12, 2026

Fake Red Alert app used in Android spyware smishing

Acronis' Threat Research Unit has discovered a targeted campaign against Android users involving a counterfeit version of Israel's Red Alert rocket warning app that distributes spyware. The malicious software is spread through SMS messages that appear to be official communications from the Home Front Command, prompting users to download an "update." The fraudulent app mimics the legitimate safety tool, maintaining its rocket alert functionality to avoid detection. Once installed, the spyware collects sensitive data such as SMS messages, contacts, location information, device accounts, and a list of installed applications. This tactic, termed "smishing," combines SMS and phishing techniques. The malware uses sophisticated methods like certificate spoofing and runtime manipulation to bypass Android's signature checks, and it consists of a loader and a secondary component that executes the real alert application while the spyware operates in the background. The spyware monitors user permissions and can harvest SMS messages, contacts, and location data, adjusting its behavior based on the user's geographical position. It sends collected data to a remote command-and-control server, with the exfiltration endpoint identified as ra-backup[.]com. Acronis suggests this campaign may be linked to the group Arid Viper (APT-C-23), known for targeting Israeli interests with trojanized Android applications. Researchers recommend users only download apps from official sources, avoid sideloading packages from SMS links, and review app permissions carefully. They advise checking for the package name com.red.alertx on devices and performing a factory reset if found, along with changing credentials for any accessed accounts.

AppWizard

March 6, 2026

Research company claims spyware posing as Israel’s Red Alert Android app targeting users

Acronis Threat Research Unit (TRU) has uncovered a cyber espionage campaign targeting Israeli civilians through a fake version of the Red Alert app. The attack begins with a deceptive text message claiming to be from Israel's Home Front Command, urging users to download an updated app due to a malfunction. The fraudulent app closely resembles the legitimate Red Alert app but contains malware that collects sensitive personal information, including messages, contacts, location data, and device account details. This data is stored locally and then transmitted to a remote server controlled by the attackers. The hackers use certificate spoofing and other techniques to bypass Android's security measures, making the malicious app appear legitimate. Cybersecurity experts recommend that Israeli users take precautions to protect their personal information.

Winsage

March 6, 2026

Chinese hackers hide malware in Windows and Google Drive to hit targets

Chinese state-sponsored threat actors, specifically a group known as Silver Dragon, have been conducting espionage operations across Southeast Asia and Europe since at least mid-2024. They have targeted government entities in countries such as Russia, Poland, Hungary, Italy, Japan, Myanmar, and Malaysia. Silver Dragon is believed to be affiliated with APT41 and primarily uses phishing emails to initiate attacks, often containing weaponized documents or links. They employ a custom backdoor called GearDoor, which utilizes Google Drive for command-and-control operations, allowing them to exfiltrate stolen intelligence. The group also hijacks legitimate Windows services to load malicious code and uses tools like SSHcmd and Cobalt Strike for post-exploitation activities. Their tactics involve blending malicious activities with normal system operations, making detection difficult and increasing their dwell time within targeted networks.

AppWizard

March 2, 2026

Best Secure and Encrypted Messaging Apps in 2026

Your text messages and calls can be intercepted by hackers, corporations, and government entities, putting your private information at risk. Corporations may use your messages for targeted advertising or sell your data, while hackers may exploit it for identity theft or fraud. Governments may monitor communications under the guise of national security. Secure messaging apps are essential to protect your communications, as many default options expose sensitive information through metadata or lack proper security. Signal is recognized as the most secure messaging app, offering end-to-end encryption, being open-source, and free of charge, though it requires a phone number for registration. Threema allows complete anonymity without data collection but has no free version. Telegram, while popular, has security concerns as not all communications are end-to-end encrypted by default. WhatsApp and Keybase are discouraged due to ownership issues affecting privacy. Characteristics to look for in a secure messaging app include end-to-end encryption, third-party testing, open-source code, self-destructing messages, and minimal user data collection.

AppWizard

February 23, 2026

The Disco Elysium studio’s next game just got a free demo — here’s where to play it

A demo for Zero Parades: For Dead Spies has been released, available exclusively on PC until March 16, 2026, as part of the Steam Next Fest. Players assume the role of Hershel Wilk, a spy whose reputation has been tarnished, and experience the game's isometric art style and dialogue system. The demo features modified or omitted elements to preserve surprises for the full release. The complete game is set to launch on PlayStation 5 and PC later this year.

AppWizard

February 23, 2026

Steam Next Fest has the perfect game demo for Disco Elysium fans, but it’s not ZA/UM’s successor

The author reflects on their gaming journey, noting a significant shift after experiencing Disco Elysium. They find that Citizen Sleeper is the closest game to evoke similar engagement, despite its different gameplay. The upcoming February 2026 Steam Next Fest will showcase two games of interest: Zero Parades, a successor to Disco Elysium, and Esoteric Ebb, which combines Disco Elysium-like mechanics with a Dungeons and Dragons aesthetic. Zero Parades promises a narrative of espionage, while Esoteric Ebb features a reimagined Thought Cabinet using D&D attributes. The author expresses excitement for both titles and encourages fans of Disco Elysium to explore these upcoming games.

Tech Optimizer

February 16, 2026

Phishing Lures Spread XWorm Remote Access Trojan

A cyber-espionage campaign is utilizing the XWorm Remote Access Trojan (RAT) to infiltrate systems via phishing emails and a Microsoft Office vulnerability (CVE-2018-0802). XWorm, first detected in 2022, allows attackers remote control over infected computers for surveillance and data theft. The campaign uses business-oriented phishing emails with malicious Excel attachments that exploit the vulnerability to execute a fileless attack. The malware connects to a command-and-control server, encrypting communications and transmitting system details. XWorm features a plugin architecture with over 50 modules for various malicious activities, including credential theft and DDoS attacks. Security experts highlight the ongoing risk of legacy software vulnerabilities and recommend patching outdated components.