fake Archives

Winsage

June 24, 2026

Windows RAT Uses Encrypted HTTP C2 and Registry Persistence After npm Infection

A malware campaign targets Windows systems through a malicious npm package named postcss-minify-selector-parser, which mimics the legitimate postcss-selector-parser. This counterfeit package installs a Remote Access Trojan (RAT) on developer machines, beginning with a multi-stage attack triggered by the installation of the package. The RAT can steal credentials, execute shell commands, and communicate with a remote attacker. Security researchers at JFrog identified this threat and reported it on June 22, 2026, noting that two additional related packages, postcss-minify-selector and aes-decode-runner-pro, are linked to the same publisher and remain live on the npm registry. The RAT employs encrypted HTTP communication with a command-and-control (C2) server and ensures persistence by creating a registry key under the Windows Run key. It has capabilities for remote shell execution, file uploads and downloads, and can steal saved login data from Google Chrome using Windows decryption APIs. The malware is designed for organized batch exfiltration of stolen data. Indicators of compromise include specific IP addresses, domains, file paths, and SHA-256 hashes associated with the malware components. JFrog advises users to remove the malicious packages, inspect their dependency trees, and treat any stored credentials as compromised.

AppWizard

June 23, 2026

Telegram’s ad business: How the messaging app makes money

Telegram has established an advertising model that focuses on monetizing public channels, selling ads based on channel topics rather than user identity. Revenue generated from ads is split evenly between Telegram and the channel owner, with no data-mining or behavioral targeting involved. The primary ad format is Sponsored Messages, which appear in public channels with at least 1,000 subscribers and consist of a text block and optional call-to-action button. Advertisers can purchase these ads through a self-serve portal without demographic targeting, ensuring no personal data is used for placements. Public channels are treated as independent units, with 50% of ad revenue going to channel owners, paid in Toncoin. Telegram's ad system has become more accessible by lowering minimum spend requirements. In addition to Sponsored Messages, Telegram is developing Mini Apps funded by its in-app currency, Stars. Regulatory scrutiny has increased, with various countries imposing bans or restrictions on Telegram for reasons related to content moderation and compliance, such as a temporary ban in India in June 2026 due to exam fraud investigations.

Tech Optimizer

June 21, 2026

Is Free Antivirus Safe in 2026? What Most Free Antivirus Apps Don’t Tell You

Some free antivirus software provides legitimate protection against malware, viruses, ransomware, trojans, and suspicious downloads, but not all are equal. Free antivirus programs often generate revenue through premium upgrades, advertising, partner promotions, data collection, or bundled software offers. Users may face upselling tactics, including pop-up notifications and upgrade prompts, which can create confusion between marketing messages and actual security threats. Many free antivirus apps collect data on websites visited, download activity, device information, and security events, raising privacy concerns. Devices often come with built-in antivirus protection, such as Microsoft Defender for Windows and XProtect for Mac, while smartphones have multiple layers of security. In 2026, the biggest cybersecurity risks are phishing attacks, fake websites, investment scams, account takeovers, social engineering attacks, and credential theft, rather than malware. Free antivirus software can create a false sense of security, leading users to believe they are safe from cyber threats. A reputable free antivirus may suffice for users who browse responsibly and maintain good online habits, while paid antivirus may be worth it for additional services like identity theft monitoring and VPNs. Not all free antivirus products offer the same level of protection, so users should choose reputable providers and scrutinize privacy policies.

TrendTechie

June 20, 2026

Что такое торрент, как он работает и можно ли им пользоваться

Downloading a Linux distribution from the official website typically takes about half an hour, but during high-demand periods, such as new Ubuntu releases, speeds can drastically decrease due to server overload. Torrents, which use a peer-to-peer file-sharing protocol, allow users to download and share data simultaneously, reducing the load on a single server. Torrents operate by enabling direct exchanges between users through the BitTorrent protocol, where files are divided into smaller pieces and downloaded in parallel from multiple sources. Key terms include peers (users with parts of the file), seeds (users who have fully downloaded the file), .torrent files (metadata files), and magnet links (text-based alternatives to .torrent files). The BitTorrent protocol does not rely on a central server, enhancing resilience as files can continue to circulate as long as at least one seed is available. To use torrents, a torrent client is needed, with recommended options for 2026 including qBittorrent, Transmission, and BiglyBT. The BitTorrent technology itself is legal, but legality depends on the content being shared. Legal uses include downloading Linux distributions, open-source software, and scientific datasets, while unlicensed movies and cracked software are illegal. In Russia, while torrent technology is not prohibited, downloading copyrighted content without permission is a violation. Risks of using torrents include exposure to viruses and malware, copyright infringement, fake distributions, and IP address exposure. To protect oneself, users should choose moderated trackers, avoid suspicious files, use antivirus software, and limit upload speeds. Common problems include slow speeds, connection issues, and disappearing files, which can often be resolved by checking settings or ensuring there are seeds available. Sharing files after downloading is not legally mandatory but is considered good etiquette in the torrent community.

Tech Optimizer

June 18, 2026

Here’s What Actually Happens When Antivirus Software Scans Your PC

Interactions with antivirus software occur during installation and when issues arise, while the software operates quietly in the background. Modern antivirus solutions continuously monitor for threats using various detection methods, including real-time scanning, which actively scrutinizes files as they are downloaded or accessed. The signature database is essential for identifying malware by comparing files against known signatures, but it can only detect documented threats. Heuristic detection and behavioral analysis help catch unknown malware by evaluating suspicious characteristics and monitoring file actions during execution. Sandboxing allows suspicious files to run in a controlled environment, logging their behavior to determine if they are malicious. Quarantine neutralizes threats by locking files in a secure location, allowing users to review them before deletion. Full scans are resource-intensive and can slow down system performance, while real-time scanning is less demanding. Users can schedule scans during idle times, exclude trusted folders, or consider cloud-based solutions to mitigate performance impacts.

Tech Optimizer

June 18, 2026

Retro gaming fans are the new target for fake GitHub malware

Retro gaming enthusiasts should be cautious when exploring GitHub projects for tools or plugins, as cybercriminals may disguise malware as homebrew software. A specific incident involved a project called EQVita, which pretended to be a free audio tool for PlayStation Vita but actually contained Windows malware. The downloaded file included three files: Launch.bat, luajit.exe, and x64.txt, with the latter concealing a hidden script that connected to the attacker's server upon execution. This scam is part of a broader trend where counterfeit GitHub repositories distribute SmartLoader malware, which retrieves additional malicious software aimed at stealing passwords and cryptocurrency wallets. The PS Vita community, despite the console's production ceasing, remains active in modding, making it a target for attackers. Legitimate plugins typically come in Vita-compatible formats, while fake ones may feature polished marketing materials and AI-generated descriptions. Users are advised to verify sources, be cautious of suspicious downloads, and utilize security tools like Malwarebytes. If someone has executed the malicious EQVitav1.3.zip file, they should conduct a malware scan, change important passwords, and monitor accounts for unauthorized access. Indicators of compromise include the domains https://github.com/Voistace/EQVita and https://voistace.github.io, and the IP address 85.137.52.21.

Tech Optimizer

June 18, 2026

I tested Norton’s Deepfake Protection — and it finally convinced me my next laptop needs an NPU

The landscape of online security has evolved significantly, with deepfake technology introducing new challenges. Users must be vigilant against both traditional malware and convincing fake images and videos. Antivirus software developers are enhancing their products by integrating cloud-based AI for better threat detection. For users with computers featuring neural processing units (NPUs), local solutions are available, such as Norton’s Deepfake Protection, which analyzes synthetic voices and images to flag potential threats. This feature operates in the background, providing peace of mind during online interactions. Norton 360 includes options for Deepfake Protection, Safe Web, and Safe SMS, but requires sufficient system resources to function effectively. Running this protection on older laptops may hinder performance, making NPUs a worthwhile investment for enhanced security against deepfakes and other online threats.

AppWizard

June 18, 2026

India Blocks Telegram Access Ahead of Medical School Retest Amid ‘Fake Leak’ Scandal

The Ministry of Electronics and Information Technology in India has imposed a week-long ban on the messaging app Telegram amid a scandal related to the National Eligibility cum Entrance Test (NEET). This decision, enacted under the Information Technology (IT) Act, aims to protect national integrity and sovereignty, following significant irregularities in the original exam held on May 3. The National Testing Agency (NTA) invalidated the initial exam after discovering question leaks, and the upcoming retest is scheduled for June 21. The ban also includes the disabling of Telegram's 'message editing' feature until June 30. Despite the NTA's assurances that no questions have leaked for the retest, concerns about organized cheating groups using Telegram to spread misinformation persist. Pavel Durov, Telegram's CEO, criticized the ban for impacting millions of users without addressing underlying issues. Protests demanding the resignation of Education Minister Dharmendra Pradhan have occurred, and the case has been referred to the Central Bureau of Investigation (CBI), which has arrested approximately 11 individuals based on preliminary findings of leaked questions in the exam.

BetaBeacon

June 18, 2026

Fake virus alerts are invading mobile games

Cybercriminals sometimes manage to buy advertising space and use it to defraud gamers. The iCloud storage scam is a well-known scam that claims you need to expand your storage or all your files will be deleted. Scammers also use fake warnings to trick users into clicking links or downloading harmful software. Fleeceware apps lure users in with short free trials that quickly convert into hidden subscription fees. The best response to these messages is to ignore them and use an up-to-date anti-malware solution on your devices.

AppWizard

June 17, 2026

New Rokarolla Android Trojan Targets 217 Banking and Crypto Apps

Zimperium’s zLabs researchers have analyzed a newly identified Android banking trojan named Rokarolla, which targets 217 distinct banking and cryptocurrency applications. It is distributed through malicious websites that impersonate popular platforms like TikTok and Google Chrome, with one identified distribution point being hxxps://infocontablidades[.]it[.]com/. The malware uses a dropper disguised as Google Play Protect to install a second-stage payload and gain Accessibility Services access, allowing it to simulate user interactions and manipulate on-screen elements. Rokarolla downloads counterfeit HTML login pages for targeted applications and overlays them to capture user credentials, including sensitive card information. It can also deploy a fraudulent PIN entry screen, read and send SMS messages, intercept one-time codes from banks, and block incoming calls. The malware rewrites the clipboard, operates a keylogger and screen content logger, and scrapes WhatsApp contact data. It captures screenshots without alerting users and has a resilient command-and-control infrastructure with multiple fallback domains. No product flaws are exploited, and defenses against it include installing apps only from Google Play and being cautious with Accessibility Services. Zimperium’s Mobile Threat Defense and zDefend products can detect Rokarolla, and a list of indicators of compromise is available on their GitHub repository.