fake Archives

AppWizard

May 14, 2026

5 Android App Permissions You Should Never Allow

Users should be cautious when granting permissions to applications on Android devices, as extensive access can lead to security vulnerabilities. Apps with accessibility permissions can perform actions like hacking passwords and altering device settings without user consent. Overlay permissions allow apps to display content over others, which can be exploited by malicious apps to trick users into providing sensitive information. Installing apps from unknown sources poses risks to device security and privacy. Usage data access enables apps to monitor user activity, which can be sold to advertisers. Granting access to contacts and SMS can lead to privacy concerns, as this information can be exploited by malicious entities. Users are advised to regularly review and manage app permissions to mitigate potential threats.

AppWizard

May 12, 2026

Mixtape is at the center of another tedious culture war discourse, and I think I know why

Harvey Randall recently reviewed the game Mixtape from Annapurna Interactive, rating it a 74. The game received mixed reviews, with IGN giving it a perfect 10, VGC a five-star rating, and GameSpot and Nintendo Life scoring it nine, while GamesRadar+ rated it four stars. Discussions have arisen regarding the game's ties to the Israeli Defense Forces, leading some to reconsider their support for Annapurna, although Randall finds claims of astroturfing unfounded. He argues that the developer, Beethoven & Dinosaur, is transparent about its partnership with a publisher. The game features themes of nostalgia and explores a fantastical version of '90s suburban America, with character dynamics that hint at deeper themes without overtly pushing social agendas. Randall describes Mixtape as a charming character drama that elicits laughter and warmth, despite differing personal experiences. He acknowledges the subjective nature of gaming experiences and the range of opinions surrounding the game.

AppWizard

May 12, 2026

TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps

TrickMo, an Android banking malware, has re-emerged with enhanced stealth and operational capabilities, targeting banking, fintech, wallet, and authenticator apps. It retains its core device takeover abilities while improving stealth, persistence, and flexibility. The malware persuades users to grant accessibility permissions, allowing full remote control, including real-time screen viewing. A significant advancement is its shift to The Open Network (TON) for command-and-control communication, complicating takedown efforts. TrickMo has been actively deployed in France, Italy, and Austria since early 2026, using fake login overlays to capture credentials while recording user activity. It communicates through .adnl endpoints within the TON network and employs DNS-over-HTTPS for encrypted DNS queries. The malware's modular design includes a primary application as a loader and a dynamically loaded APK module called “dex.module” for malicious capabilities. It features network reconnaissance and tunneling capabilities, allowing commands like HTTP probing and establishing SSH tunnels, which can bypass fraud detection systems. Dormant features suggest potential for future capabilities without altering the core application. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo's various components.

AppWizard

May 11, 2026

Google warns 7 million Android users to delete these 28 fake apps

28 Android applications were removed from the Google Play Store after being identified as scams by security researchers at ESET. These apps, part of a campaign called “CallPhantom,” falsely claimed to provide access to private call logs, SMS records, and WhatsApp activity. They attracted millions of downloads despite lacking legitimacy, offering fabricated data such as fake phone numbers and bogus call durations. Some apps charged users for “detailed reports” that either never arrived or contained nonsensical information. The apps did not steal phone data or install malware but instead promised illicit access and generated fictitious data. The primary targets of this scam were users in India and the Asia-Pacific region.

Winsage

May 11, 2026

Microsoft denies Windows 11 CPU boost trick is a lazy fix, says Apple does this and you love it

The Low Latency Profile feature in Windows 11 temporarily increases CPU frequency to improve responsiveness for high-priority tasks, benefiting even low-powered virtual machines. It is currently available in Windows 11 Insider builds and aims to optimize performance with minimal impact on battery life and thermal performance. Critics have labeled it a "band-aid" solution for a bloated operating system, while Microsoft’s VP Scott Hanselman defended it as a standard practice in modern operating systems. He noted that the feature is particularly effective on ARM architecture, such as Qualcomm's Snapdragon chips, and explained that the complexity of contemporary Start menus requires more processing power than older versions. Microsoft is working to streamline the Start menu while also enhancing performance through the Low Latency Profile.

AppWizard

May 11, 2026

28 Android apps delivering bogus information were installed 7 million times from Google Play Store

The CallPhantom apps achieved 7.3 million installations on the Google Play Store but provided users with randomly generated data instead of legitimate information. ESET, part of the App Defense Alliance, discovered the deceptive nature of these apps and reported them to Google, leading to their removal. Some of the 28 identified apps had bypassed the official billing system, complicating refund processes. The investigation began with an app called Call History of Any Number, which falsely claimed to provide call histories for any number, despite being associated with a misleading developer name, Indian gov.in. The apps produced fabricated call histories by generating random phone numbers paired with fixed names and call details. They primarily targeted Android users in India and utilized the widely used UPI payment system. User comments in the Play Store warned others about the fraudulent nature of the service. The apps also employed tactics to lure users into paying for non-existent data, including fake email notifications prompting users to subscribe.

AppWizard

May 9, 2026

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Cybersecurity researchers from ESET have discovered 28 fraudulent applications on the Google Play Store that falsely claimed to provide access to call histories for any phone number. These apps have been downloaded over 7.3 million times, with one app alone accounting for over 3 million downloads. The operation, named CallPhantom, primarily targeted Android users in India and the Asia-Pacific region. Users were lured into subscription services, paying for access to fictitious data, including call histories and SMS records, but received only randomly generated information. Some apps were published under the developer name "Indian gov.in" to create a false sense of trust. Payments were processed through the Google Play Store or third-party applications like Google Pay and Paytm. Users who subscribed via Google Play may be eligible for refunds, while those who used third-party payment methods may not be able to recover their funds. The fraudulent activity may have been ongoing since at least November 2025.

AppWizard

May 8, 2026

Fake call logs, real payments: How CallPhantom tricks Android users

A series of fraudulent applications known as CallPhantom have been identified on the Google Play Store, claiming to provide access to call logs, SMS records, and WhatsApp call history for a fee. A total of 28 CallPhantom apps were reported, with over 7.3 million downloads. These apps falsely generated random phone numbers and fabricated data, misleading users into paying for nonexistent services. The apps primarily targeted Android users in India, utilizing UPI for payments and often sidestepping Google Play's official billing system. Users expressed frustration in negative reviews after being scammed. The investigation revealed two clusters of deceptive applications: one that presented hardcoded data and another that promised to send call histories via email after payment. Refunds may be possible for subscriptions made through Google Play, but users who paid outside the platform must contact their payment provider or the app developer for resolution.

AppWizard

May 5, 2026

FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware

A fraud network called FEMITBOT has emerged, using Telegram's Mini App feature to conduct investment scams and distribute malware. Identified by the research firm CTM360, the network operates through API responses and presents itself as organized. The scams involve Telegram Mini Apps that display phishing pages, fake dashboards showing fictitious earnings, and urgency tactics to pressure users into making quick decisions. FEMITBOT mimics well-known brands like Apple and Coca-Cola to enhance credibility and disseminates Android malware disguised as legitimate applications. The operation is highly organized, utilizing marketing tools to optimize their scams. Users are warned to be cautious of bots requesting deposits before granting access to funds.

Tech Optimizer

May 4, 2026

Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, leading to their removal from Windows systems globally. This issue arose after a Defender signature update on April 30th, with affected certificates including 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 and DDFB16CD4931C973A2037D3FC83A4D7D775D05E4. The certificates were removed from the AuthRoot store under the Registry key HKLMSOFTWAREMicrosoftSystemCertificatesAuthRootCertificates. Microsoft has addressed the issue in Security Intelligence update version 1.449.430.0, which also restored the removed certificates. The false positives were linked to detections related to a recent DigiCert breach, where threat actors obtained valid code-signing certificates used for signing malware. DigiCert revoked 60 code-signing certificates, including those linked to the "Zhong Stealer" malware campaign. The malware utilized certificates issued to companies like Lenovo and Kingston, but the certificates flagged by Microsoft Defender are root certificates and do not correspond to the revoked code-signing certificates.