fake Archives

Tech Optimizer

June 6, 2026

Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises

Researchers have identified a new malware called JS.MonoGlyphRAT, which disguises itself as business documents to infiltrate corporate networks. It is primarily spread through phishing emails targeting various sectors in the U.S. and has been reported in countries like Germany, Sweden, and Australia. The malware is classified as "Unknown malware" on threat intelligence platforms, making traditional antivirus solutions ineffective. It establishes a persistent presence in the network by executing a JavaScript file and communicating with command-and-control (C2) servers over HTTP. Key indicators of compromise include unusual HTTP traffic, registry changes, and the execution of specific JavaScript files. The malware can download additional payloads and execute commands without leaving traces on disk. Indicators of compromise include specific IP addresses, URLs, file hashes, and registry keys associated with the malware's operation.

AppWizard

June 6, 2026

Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps

Arabic-speaking users are the target of a new Android spyware called Asin, identified by ESET in early 2025. The malware is distributed through fraudulent websites that mimic legitimate services, including: - govlens[.]net, registered on May 27, 2025, impersonating a government news source. - pdf-reader[.]help, registered on May 29, 2025, claiming to be a secure PDF editor. - live-war-map[.]com, registered on January 20, 2025, providing updates on military incidents. Two of these domains are promoted via social media accounts on Facebook and Telegram. The spyware combines legitimate functionality with covert capabilities, and its campaigns may target journalists and OSINT researchers in Arabic-speaking regions. Artifacts linked to Asin include an upload to VirusTotal from Türkiye in October 2025, an APK downloaded from c-pdf[.]net in December 2025, and a sample disguised as "Syria Defense Map" detected in January 2026. Users must manually install the applications and grant permissions for the spyware to operate.

AppWizard

June 4, 2026

Teens are using $5 WeedHack malware to target Minecraft players

A recent cybersecurity analysis from McAfee Labs has revealed a malware campaign involving WeedHack, which has garnered over 116,000 hits and is accumulating 2,000 to 3,000 malicious hits daily. WeedHack is marketed as malware-as-a-service (MaaS) and is accessible on the internet, allowing individuals with minimal technical skills to use it for harmful activities. A dedicated Telegram channel for WeedHack has over 850 members, many of whom are teenagers and young adults using the malware for cyberbullying. The malware spreads primarily through YouTube videos promoting Minecraft mods, which often conceal the WeedHack malware. Additionally, bad actors use SEO poisoning tactics to elevate fake websites posing as legitimate Minecraft clients. McAfee lists several legitimate clients targeted by WeedHack, including Meteor Client, Radium Client, and Wurst Client. For an additional fee, attackers can access premium features like webcam access, keylogging, and file management. McAfee advises players to be cautious when downloading mods and to seek help from trusted adults if approached by individuals claiming to have compromised their systems.

AppWizard

June 3, 2026

Australia warns of crypto investment scams on messaging apps

Australia's financial regulatory authority, the Australian Securities and Investments Commission (ASIC), has issued a cautionary note about a rise in investment scams that exploit messaging apps and social media, particularly targeting younger individuals. These scams often start with enticing ads on social media promoting stock trading tips, leading victims to messaging apps where they are misled into thinking they are receiving legitimate investment advice from impersonated figures. Victims are then directed to counterfeit digital asset trading platforms, resulting in lost funds and additional withdrawal fees. Research from Moneysmart reveals that 23% of Australians aged 18 to 28 own digital assets, with 66% taking a speculative approach to investing, and 29% influenced by social media personalities. Additionally, 72% of Gen Z respondents encountered social media ads for digital assets, and 41% were approached to invest in cryptocurrencies. ASIC has proposed measures to mitigate risks, including avoiding sharing personal information from social media, verifying investment platforms through AUSTRAC, and acting quickly if something seems suspicious. The Australian Parliament passed a digital asset framework bill in April requiring digital asset platforms to obtain an Australian Financial Services License (AFSL) within a year to comply with new regulations.

AppWizard

June 3, 2026

Fake Minecraft Mods Infect 116K Systems With WeedHack Malware

A malware campaign named WeedHack has impacted over 116,000 Minecraft players since its inception earlier this year, according to a report from McAfee. Cybercriminals are using SEO poisoning to exploit gamers searching for mods, particularly targeting those hosted on GitHub and creating deceptive web pages that mimic official mod sites. Notable affected projects include Meteor Client, Radium Client, Wurst Client, Aristois, LiquidBounce, and Impact Client. Attackers also produce polished YouTube videos to promote malware, with comments guiding viewers on installation and links to malicious sites. The malware operates in two tiers: a free tier that steals cookies and passwords, targets crypto wallets, captures screenshots, and extracts credentials, and a premium tier that offers advanced capabilities like webcam control and keylogging for a monthly fee. The accessibility of such malware is concerning, prompting Minecraft users to be cautious when searching for and installing mods.

BetaBeacon

June 3, 2026

Fake GTA 6, real malware: the new scam targeting Windows and Android

Attackers create fake GTA 6 beta scams that install trojans on machines, stealing credentials and mining cryptocurrency. Gamers' anticipation for highly anticipated games makes them vulnerable to these scams. NordVPN's antivirus can intercept these files and protect users from phishing sites impersonating gaming platforms. NordVPN's Premium plan includes VPN and antivirus for .85/month. NordVPN's antivirus works well on Windows and macOS, but is limited on mobile versions. The plan comes with a 30-day money-back guarantee.

AppWizard

June 3, 2026

Over 116,000 Mincraft systems infected in WeedHack malware campaign

A malware operation called WeedHack has targeted Minecraft players since January, compromising over 116,000 systems with daily infections between 2,000 and 3,000. It primarily distributes malware through malicious mods, clients, cheats, and utilities promoted on YouTube, utilizing SEO poisoning to reach victims. The campaign features polished YouTube videos with embedded download links and targets keywords related to popular Minecraft clients. WeedHack operates as a malware-as-a-service (MaaS) model, offering a free tier that steals Minecraft session IDs, cookies, and passwords across various platforms, and a premium tier with enhanced capabilities. The operation's Telegram channel has over 800 members, mostly teenagers or young adults. Minecraft players are advised to trust only official sources for mods and verify download links to protect against these threats.

AppWizard

June 3, 2026

Fake ‘Minecraft’ Mods Bring Malware to as Many as 116,000 Players

The "Minecraft" community is facing a cybersecurity threat from a malware operation called WeedHack, which disguises itself as fake mods to lure players into downloading it. This operation, run by a teenager, has affected over 116,000 players and uses social engineering tactics to distribute malicious mods, cheats, and clients. WeedHack spreads through trusted channels, including YouTube, and employs search engine optimization poisoning to mislead users. The malware operates by disseminating malicious Java Archive files that appear legitimate, compromising devices to extract sensitive information such as session IDs, browser cookies, and cryptocurrency wallet data. It can also steal credentials for applications like Discord, Steam, and Telegram, and includes remote control features for surveillance and keylogging. Approximately 2,000 new infections occur daily, primarily affecting users in the United States, Germany, India, the United Kingdom, and Italy. The low cost of access to this malware has led to its use by teenagers for online bullying and harassment.

AppWizard

June 3, 2026

How Android helps keep you safe from impersonation scams with fake call detection

Android is introducing a fake call detection feature that identifies and flags suspected spoofed calls when both the user and the contact are using Phone by Google. This technology aims to protect users from impersonation scams, particularly those using AI voice cloning, and builds on previous measures like alerts for verified financial calls.

AppWizard

June 2, 2026

Google Phone app rolling out Android fake call detection that uses RCS

Phone by Google is introducing a fake call detection feature to protect Android users from impersonation scams that use AI-powered deepfake technology. This feature requires both parties to use Android devices with the Phone by Google app, Google Messages, and Google Contacts. It works by sending a silent confirmation signal to verify the legitimacy of a call. If an impersonation attempt is detected, the user's phone will check with the actual contact's device, and if the real device indicates that it is not making a call, a warning will appear on the user's screen. The feature will roll out globally for Android 12+ devices, starting with Pixel phones, and will be enabled by default. The underlying RCS technology may also be adopted by other apps and manufacturers.