fake websites

Tech Optimizer
November 13, 2025
Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have discovered an attack campaign that uses legitimate Remote Monitoring and Management (RMM) tools, specifically LogMeIn Resolve and PDQ Connect, to deploy backdoor malware on users' systems. Attackers lure victims to fake download sites that mimic legitimate software pages for utilities like Notepad++, 7-Zip, and VLC Media Player, delivering modified versions of LogMeIn Resolve. The malicious installers are disguised with filenames such as "notepad++.exe" and "chatgpt.exe." Once executed, these files install the RMM tool and additional malware capable of stealing sensitive information. ASEC has identified three CompanyId values associated with the attacks: 8347338797131280000, 1995653637248070000, and 4586548334491120000. The malware, known as PatoRAT, is a Delphi-developed backdoor that gathers system information and has extensive malicious capabilities, including keylogging and remote desktop access. Users are advised to download software only from official websites and verify digital signatures, while organizations should monitor for unauthorized RMM installations and the identified indicators of compromise.
AppWizard
October 2, 2025
ESET researchers have identified two Android spyware campaigns, Android/Spy.ProSpy and Android/Spy.ToSpy, targeting users of secure messaging apps like Signal and ToTok. These spyware families are distributed through deceptive websites and social engineering tactics, requiring manual installation from unofficial sources. The ProSpy campaign, operational since 2024, uses fraudulent websites to distribute malicious APKs disguised as a Signal Encryption Plugin and ToTok Pro, particularly targeting users in the UAE. The ToSpy campaign, discovered in June 2025, also targets users in the UAE, utilizing fake distribution sites impersonating the ToTok app. Both spyware types request access to contacts, SMS messages, and files, exfiltrating sensitive data in the background. ESET advises users to be cautious when downloading apps from unofficial sources.
AppWizard
April 10, 2025
A report from DomainTools LLC reveals that cybercriminals are using newly registered domains to distribute the SpyNote Android remote access trojan (RAT) by creating fake websites that resemble legitimate Google Play app installation pages. These counterfeit pages often include familiar visual elements to deceive users into downloading harmful APK files, such as a site mimicking the TikTok installation page. The downloaded files typically contain variants of SpyNote, which can conduct surveillance, harvest sensitive information, and execute remote commands on compromised devices. The delivery mechanism involves a two-stage process where a dropper APK installs a secondary APK with core spyware functionalities, utilizing JavaScript to trigger downloads from fake install buttons. Common characteristics of the domains distributing SpyNote include registration with NameSilo LLC and XinNet Technology Corp., hosting on infrastructure linked to Lightnode Ltd and Vultr Holdings LLC, and the presence of SSL certificates. The malware delivery sites contain code in both English and Chinese, suggesting a Chinese-speaking threat actor may be involved. SpyNote has been associated with advanced persistent threat groups targeting individuals in South Asia, including those in the Indian defense sector. Once installed, SpyNote requests intrusive permissions to access SMS, contacts, call logs, camera, microphone, and location services, and employs persistence mechanisms that make it difficult to remove. DomainTools advises users to be vigilant against spoofed app pages and avoid sideloading APKs from unverified sources.
Tech Optimizer
March 25, 2025
The ABC 6 News Team reports on the Infostealer malware, which has compromised over 2 billion credentials by using fake websites to trick users into providing sensitive information. Infostealer targets searches for free software, cracked software, game cheats, and activation tools, employing tactics such as search engine ads, SEO manipulation, social media promotions, and typosquatting to lure victims. Once installed, Infostealer can steal passwords, credit card information, cryptocurrency wallet data, and personal information. To mitigate risks, users are advised to download software from reputable sources, be cautious of offers that seem too good to be true, install robust antivirus software, enable ad blockers, verify URLs, use multi-factor authentication, keep software updated, and stay informed about cybersecurity threats. Additionally, users can check if their email addresses or passwords have been involved in data breaches at www.haveibeenpwned.com.
Tech Optimizer
September 27, 2024
McAfee+ Ultimate provides antivirus solutions for PCs, Macs, and mobile devices, with a 30-day free trial available. The product lineup includes five levels of protection: Basic, McAfee+, McAfee+ Premium, McAfee+ Advanced, and McAfee+ Ultimate, with prices starting low for the Basic plan. The Ultimate plan features three-bureau credit monitoring, million in identity theft insurance, and ransomware recovery assistance. McAfee's offerings support multiple platforms, including Windows, Mac, Android, iOS, and Chromebook. The antivirus products utilize cloud-based machine learning for threat detection and provide remote cleaning services. Recent testing showed McAfee scored 100% for existing malware detection but had some false positives. Security features include phishing protection, a password manager, and an advanced firewall. The software's performance slightly impacts system speed, but quick scans are efficient. The user interface is designed for ease of use, and installation is quick, with 24/7 support available.
Winsage
September 24, 2024
Windows 10 and Windows 11 users are facing a new cyber threat involving fraudulent CAPTCHA verification pop-ups that distribute malware. Security experts at McAfee have identified that cybercriminals are using counterfeit CAPTCHA interfaces to trick users into executing malicious PowerShell scripts. When users click the "I'm not a robot" option in these fake pop-ups, a dangerous script is copied to their clipboard, and they are then misled into executing it. The attack can be delivered both through fake websites and through emails. McAfee notes that these attacks utilize multi-layered encryption, complicating detection. Users are advised to avoid unofficial websites, verify URLs in emails, limit clipboard-based scripts, and keep antivirus software updated to protect against this threat.
Winsage
September 24, 2024
Windows 10 and Windows 11 users are facing a new threat involving CAPTCHA exploits, where cybercriminals manipulate CAPTCHA pop-ups to distribute data-stealing malware. The attack begins with a deceptive CAPTCHA window during browsing, which, when interacted with, copies a harmful PowerShell script to the user's clipboard. Users are then misled into executing the script, allowing malware to infiltrate their systems. Attackers also disseminate emails with links to these malicious sites. The complexity of the attacks is increased by multi-layered encryption, making detection and analysis difficult. Users are advised to avoid unofficial websites, verify email URLs, restrict clipboard scripts, and keep antivirus solutions updated.