fake Archives

Winsage

March 31, 2026

What Is Conhost.exe?

Conhost.exe, or Console Window Host, is a legitimate Windows system process responsible for managing the display and behavior of console windows such as Command Prompt and PowerShell. It facilitates text rendering and manages input/output interactions with the graphical user interface. Each time a console application is launched, a new instance of conhost.exe is created, and multiple instances can appear in Task Manager based on active console applications. To verify the authenticity of conhost.exe, it should run from C:WindowsSystem32 or C:WindowsSysWOW64, have a valid Microsoft Windows Publisher digital signature, and not make outbound network connections. High CPU usage or unusual behavior may indicate malware masquerading as conhost.exe. Troubleshooting steps for issues related to conhost.exe include running a malware scan, checking for Windows updates, updating device drivers, and using the System File Checker. Disabling conhost.exe is not advisable as it is essential for the functioning of console applications.

Tech Optimizer

March 31, 2026

Best Antivirus Software That Won’t Slow Down Your Computer

Laptops are essential tools that carry sensitive data, making security crucial. Public networks and unsecured Wi-Fi can expose this data to threats. Antivirus software protects laptops by detecting threats, blocking malware, and removing infections. The best antivirus solutions operate quietly in the background without affecting system performance. Top antivirus software includes: - Bitdefender: Strong malware detection, real-time scanning, minimal system impact; some features are exclusive to higher subscriptions. - Surfshark One: Combines antivirus protection with a VPN; lacks some advanced features. - Norton: Comprehensive suite with various security tools; higher renewal fees after the first year. - Avast: Lightweight protection with extra tools; limited features in the free version. Key features to look for in antivirus software include strong malware detection, real-time monitoring, phishing filters, and compatibility across devices. Performance varies, with some tools consuming more resources than others. Users should be cautious of renewal terms and additional features that may not be necessary. Common mistakes after installing antivirus include assuming complete protection, neglecting subscription monitoring, and risky online behaviors. When switching antivirus software, users should properly remove the old software and manage subscriptions to avoid unnecessary costs. Regular updates are essential for effective protection, and free antivirus tools may lack advanced features. Antivirus effectiveness can vary by device, and some products may slow down older devices. Monitoring update status and active features is crucial for verifying antivirus functionality.

Tech Optimizer

March 30, 2026

Fake Cloudflare CAPTCHA Pages Spread Infiniti Stealer On macOS

Security researchers have identified a new macOS information stealer called Infiniti Stealer, which extracts sensitive information from Mac users using a social engineering tactic known as ClickFix. This method involves a counterfeit Cloudflare human verification page that prompts users to enter a command in their Mac Terminal, allowing the malware to bypass security measures. The infection process consists of three stages: 1. A Bash dropper script downloads and decodes a hidden payload. 2. A Nuitka loader, designed for Apple Silicon Macs, complicates detection by compiling Python code into a native application. 3. The final payload, Infiniti Stealer, harvests personal data such as browser passwords, macOS Keychain entries, cryptocurrency wallets, and captures screenshots. Indicators of Compromise (IOCs) associated with Infiniti Stealer include: - MD5 Dropper: da73e42d1f9746065f061a6e85e28f0c - SHA256 Stage-3: 1e63be724bf651bb17bcf181d11bacfabef6a6360dcdfda945d6389e80f2b958 - C2 Domain: update-check[.]com - C2 URL: https://update-check[.]com/m/7d8df27d95d9 - Panel: Infiniti-stealer[.]com - Packer Magic: 4b 41 59 28 b5 2f fd (KAY + zstd) - Debug Log: /tmp/.bs_debug.log

Tech Optimizer

March 28, 2026

Trend Micro Maximum Security Review 2026: Is It The Best Protection?

Trend Micro offers five distinct subscription versions for online security, including a 12-month subscription to its Maximum Security Suite Pro Plus, which provides multi-device antivirus, anti-scam software, a VPN, and identity theft protection. The pricing starts at AUD for a basic subscription for one device, with additional costs for more devices and features. The tested plan costs 99.95 AUD per year for six devices. Key features include AI-scam detection, a Gamer Mode that pauses notifications during gameplay, and a minimalist user interface. Installation requires separate logins for each program, and the suite supports MacOS, Android, and iOS, though with limited features on Mac. The built-in VPN is developed in-house, and phishing protection is provided via a browser extension. Folder Shield protects against ransomware by securing specific folders. Independent lab tests show mixed results for Trend Micro's performance, particularly in real-time web-threat protection and ransomware defense, with some weaknesses in offline malware detection.

Tech Optimizer

March 27, 2026

Bogus Avast website fakes virus scan, installs Venom Stealer instead

A deceptive website impersonating Avast antivirus tricks users into downloading Venom Stealer malware, which steals passwords, session cookies, and cryptocurrency wallet information. The site conducts a fake virus scan, falsely reporting threats to encourage users to download a malicious file named Avastsystemcleaner.exe. This file mimics legitimate software and operates stealthily, targeting web browsers to harvest credentials and session cookies. It also captures screenshots and sends stolen data to the command-and-control domain app-metrics-cdn[.]com via unencrypted HTTP. The malware employs evasion techniques to avoid detection and is part of a long-standing cybercrime tactic that exploits user trust in security software. Indicators of compromise include the file hash SHA-256: ecbeaa13921dbad8028d29534c3878503f45a82a09cf27857fa4335bd1c9286d, the domain app-metrics-cdn[.]com, and the network indicator 104.21.14.89.

AppWizard

March 26, 2026

Phishing Campaign Targeting Messaging Apps’ Users

A phishing campaign targeting users of messaging applications has been reported by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). This campaign exploits human behavior rather than software vulnerabilities, leading to the compromise of thousands of accounts worldwide, despite encryption. Attackers impersonate official support accounts and use social engineering tactics to prompt users to click on malicious links, request verification codes, or suggest account recovery actions. If users comply, attackers can take control of their accounts and may deploy malware. Platforms like Signal have been specifically targeted, but the tactics can apply to various messaging applications. Recommendations for users include being cautious with suspicious messages, avoiding unknown requests, carefully checking links, monitoring group chats for fake accounts, using built-in security features, and reporting incidents promptly.

Tech Optimizer

March 24, 2026

This tax-themed malvertising attack can blind security software before it arrives — and then unleashes ransomware

Cybercriminals are targeting taxpayers with phishing schemes and malware attacks as the April 15 tax deadline approaches. They create fake tax form websites that appear in Google Ads, leading users to download malicious software like ScreenConnect, which can disable device security. These tactics aim to steal sensitive information and potentially facilitate ransomware attacks. Counterfeit Chrome updates are also being used in similar schemes. Taxpayers are advised to verify the authenticity of websites and rely on trusted sources to protect their personal information.

Tech Optimizer

March 19, 2026

ClickFix Lures Power LeakNet’s Growing Ransomware Attack Chain

The ransomware group LeakNet has evolved its tactics, increasing its average targets from three per month and shifting from purchasing stolen network access to launching its own campaigns. They now use deceptive error screens and a new tool that executes malicious code in a computer's memory. Their strategy includes ClickFix lures, which compromise legitimate websites to display fake security checks, tricking users into executing malicious commands. This method broadens their victim reach and reduces costs. The Deno loader, part of this strategy, collects machine information and retrieves additional malicious code without leaving standard files, making detection difficult. After infiltrating a network, LeakNet checks for active user credentials and uses PsExec for lateral movement, employing Amazon S3 buckets for payload staging and data exfiltration. Defenders are advised to monitor for suspicious behavior rather than just known malicious files, focusing on unusual web commands and unexpected cloud storage connections.

Tech Optimizer

March 13, 2026

Norton 360 Hits One of Its Lowest Prices Ever

Norton 360 is currently offering a significant promotional discount, attracting consumers who may not typically engage with security software. The software has evolved from basic antivirus tools to comprehensive security bundles, addressing the needs of households with multiple connected devices. It includes features such as real-time malware detection, scam protection, a secure VPN, a password manager, dark web monitoring, cloud backup, and parental controls, all housed within a single dashboard. The scam detection system evaluates suspicious links and websites to prevent users from entering credentials on fraudulent sites. Norton 360 is particularly beneficial for individuals managing multiple devices, remote workers, families, and frequent travelers. The current discount is noteworthy due to increased competition in the cybersecurity industry, making the bundled offering more cost-effective than purchasing individual tools separately.

AppWizard

March 12, 2026

Fake Red Alert app used in Android spyware smishing

Acronis' Threat Research Unit has discovered a targeted campaign against Android users involving a counterfeit version of Israel's Red Alert rocket warning app that distributes spyware. The malicious software is spread through SMS messages that appear to be official communications from the Home Front Command, prompting users to download an "update." The fraudulent app mimics the legitimate safety tool, maintaining its rocket alert functionality to avoid detection. Once installed, the spyware collects sensitive data such as SMS messages, contacts, location information, device accounts, and a list of installed applications. This tactic, termed "smishing," combines SMS and phishing techniques. The malware uses sophisticated methods like certificate spoofing and runtime manipulation to bypass Android's signature checks, and it consists of a loader and a secondary component that executes the real alert application while the spyware operates in the background. The spyware monitors user permissions and can harvest SMS messages, contacts, and location data, adjusting its behavior based on the user's geographical position. It sends collected data to a remote command-and-control server, with the exfiltration endpoint identified as ra-backup[.]com. Acronis suggests this campaign may be linked to the group Arid Viper (APT-C-23), known for targeting Israeli interests with trojanized Android applications. Researchers recommend users only download apps from official sources, avoid sideloading packages from SMS links, and review app permissions carefully. They advise checking for the package name com.red.alertx on devices and performing a factory reset if found, along with changing credentials for any accessed accounts.