fraud Archives

Tech Optimizer

August 7, 2025

The best VPNs with antivirus of 2025: Expert tested and reviewed

A virtual private network (VPN) combined with antivirus software provides enhanced security for online and offline activities by creating encrypted tunnels that protect privacy and mask online behavior. In the UK, users increasingly adopt VPNs to bypass strict age verification checks. Key benefits of using a VPN include IP address disguise, data encryption, and access to geo-restricted content. The best VPN with antivirus currently recommended is the Surfshark One security suite, which offers a robust VPN experience and effective antivirus capabilities. Other notable VPNs with antivirus features include NordVPN, Private Internet Access (PIA), and CyberGhost, each with unique strengths and pricing structures. Surfshark allows unlimited device connections, offers a seven-day free trial, and has a 30-day money-back guarantee. It features IP masking, automated antivirus protection, and a user-friendly app. NordVPN is known for high-speed performance and robust antimalware features, allowing up to 10 simultaneous connections. PIA offers customizable settings and unlimited connections, while CyberGhost is optimized for streaming and allows connections on up to seven devices. Each service has specific pricing, trial periods, and user ratings across various platforms.

Tech Optimizer

August 1, 2025

Best Alternative to Kaspersky Antivirus of 2025

Bitdefender is a recommended alternative to Kaspersky for antivirus software, offering features such as ransomware protection, exploit protection, SafePay, a VPN (with limited traffic on the entry-level plan), and a password manager. It has a customizable user interface, performs slightly better in malware protection, executes faster scans with lower resource usage, and includes a global website reputation database. Bitdefender provides superior firewall protection and higher-tier plans that feature dark web monitoring, data breach detection, and identity theft insurance. It offers four pricing plans ranging from .99 to .99, covering one account and up to five devices. Customer support includes live chat, email, phone assistance, a community forum, and an extensive knowledge base, which are more comprehensive than Kaspersky's options. Overall, Bitdefender is positioned as a strong choice for users transitioning from Kaspersky, particularly in terms of privacy and security features.

AppWizard

July 30, 2025

Tea app hacked: private messages stolen

Messaging capabilities on the women's dating safety app, Tea, have been suspended due to a cybersecurity breach that compromised thousands of images, posts, comments, and direct messages. The company reported that some direct messages were accessed during the incident, which was first disclosed in late July. Tea has 1.6 million users and is investigating the breach, offering free identity protection services to affected users. Some exposed messages contained sensitive discussions, raising concerns about potential risks such as blackmail. The breach involved the hacking of 72,000 images, including those with users' photo IDs, despite the app's claim of immediate deletion after authentication. The incident affects members who registered before February 2024.

AppWizard

July 29, 2025

ANDROID MALWARE POSING AS INDIAN BANK APPS

The report discusses a sophisticated Android malware targeting users in India, which disguises itself as legitimate banking applications to steal credentials and conduct unauthorized financial activities. The malware employs advanced techniques such as silent installation, exploitation of Android permissions, and remote command execution to avoid detection. It utilizes Firebase for command-and-control operations and phishing pages that mimic real banking interfaces. The malware consists of a modular architecture with a dropper and a main payload. The dropper requests several Android permissions, including ACCESSNETWORKSTATE, REQUESTINSTALLPACKAGES, and QUERYALLPACKAGES, which facilitate reconnaissance and persistence. The dropper uses a silent installation mechanism to load additional payloads without user awareness. The main payload requests permissions that enable data theft and stealthy operation, such as READSMS, SENDSMS, and RECEIVEBOOTCOMPLETED. It hides itself from the user's app list and employs separate classes for specific malicious tasks, including harvesting user credentials and collecting debit card information. The phishing page mimics a legitimate banking app to capture user data effectively. The malware also monitors incoming SMS messages, extracts critical metadata, and can silently forward calls to an attacker-controlled number. A specific APK sample impersonating an Indian banking application was observed on April 3, 2025, highlighting ongoing trends in mobile-based credential theft and financial fraud. Recommendations include enforcing stricter mobile application security standards, launching public awareness campaigns, implementing threat intelligence-driven filtering, and deploying mobile endpoint detection solutions.

AppWizard

July 25, 2025

Fake Indian Banking Apps on Android Steal Login Credentials from Users

A recently discovered malicious Android application poses significant risks by masquerading as legitimate banking apps in India. It facilitates credential theft, conducts surveillance, and executes unauthorized financial transactions. The malware operates on a modular architecture with a dropper and primary payload, employing deceptive user interfaces and silent installation techniques to evade detection. The dropper requests extensive permissions, including ACCESSNETWORKSTATE, REQUESTINSTALLPACKAGES, and QUERYALLPACKAGES, to monitor connectivity, install secondary APKs without user awareness, and profile installed apps. It loads a hidden payload and initiates installation using an INSTALL_NOW flag, bypassing app store scrutiny. The main payload requests additional permissions such as READSMS, SENDSMS, and RECEIVESMS for intercepting one-time passwords (OTPs) and two-factor authentication (2FA) codes. It also requests REQUESTIGNOREBATTERYOPTIMIZATIONS, READPHONESTATE, and READPHONENUMBERS for uninterrupted execution, device fingerprinting, and potential call forwarding abuse. Data exfiltration occurs through Firebase Realtime Database, storing user IDs and intercepted SMS metadata. The malware uses Firebase for command-and-control operations and generates phishing pages resembling authentic banking interfaces. Delivery methods include smishing, email phishing, WhatsApp bots, vishing calls, SEO-poisoned websites, malvertising, Trojanized utilities, QR/NFC attacks, preloaded malware on counterfeit devices, and exploitation of accessibility service vulnerabilities. Indicators of compromise include specific SHA256 hashes for the base payload and main payload.

Tech Optimizer

July 24, 2025

Hackers are impersonating credit card companies to infect your PC with password-stealing malware — how to stay safe

Cybercriminals are using a new phishing tactic that involves sending emails that mimic legitimate communications from credit card companies, prompting recipients to confirm purchases through deceptive links. These links lead to fake webpages where malware is initiated through DLL files. One technique, Reflective DLL Injection, allows hackers to inject malware into the Chrome browser's memory, enabling keylogging and data theft. This can result in the capture of sensitive information like login credentials and credit card numbers, leading to account takeovers and identity theft. To stay safe, individuals should avoid clicking on links in suspicious emails, verify destinations, use two-factor authentication, employ strong passwords, and invest in antivirus software.

AppWizard

July 23, 2025

Threat Actors Blend Click Fraud Apps and Malware to Steal Android Credentials

Security researchers at Trustwave SpiderLabs have identified a complex cluster of Android malware that combines click fraud, credential theft, and brand impersonation. This malware exploits the Android Package Kit (APK) file format to distribute malicious applications, often through phishing messages or deceptive websites. Users are tricked into installing these APKs, which are disguised as reputable brands or promotional apps. Once installed, the malware takes advantage of Android's permission model to access sensitive resources, primarily for click fraud and traffic redirection to generate illicit revenue. Some variants engage in data collection and credential harvesting, employing advanced evasion tactics to avoid detection, such as using counterfeit Chrome applications and overlay screens. A notable variant includes a spoofed Facebook app that mimics the official interface and connects to a remote command-and-control server for instructions. The malware uses encryption and encoding to secure data exchanges and employs open-source tools to bypass Android's signature verification. Evidence suggests that the operators may be Chinese-speaking, as indicated by the use of Simplified Chinese in the code and the promotion of related APK campaigns on Chinese-speaking underground forums.

AppWizard

July 23, 2025

Russia is not planning to ban foreign messaging apps, provided they comply with Russian law | Tech Regulation

Russia's deputy head of President Putin’s administration, Maxim Oreshkin, stated that foreign messaging applications will not be banned as long as they comply with Russian laws, which include registration and measures to prevent fraud. He emphasized the development of a domestic messaging app called Max, created by VK, which aims to integrate with Russia's banking system. Oreshkin encouraged entrepreneurs to create user-friendly services for competitive advantage. His comments followed reports of Telegram seeking to align with Russian regulations by filing for registration with Roskomnadzor, although its founder, Pavel Durov, denied claims of exiting the Russian market.

AppWizard

July 23, 2025

Google is taking the hackers to court over a major Android fraud ring

Google is suing unidentified hackers in China for hijacking over 10 million devices to create the BadBox 2.0 botnet. The botnet has been found on budget Android streamers, tablets, and projectors, either preloaded with malware or infected during setup through dubious apps. Google’s Play Protect now automatically blocks anything linked to BadBox 2.0. The lawsuit was filed in a New York federal court following investigations by Human Security and Trend Micro. Compromised devices include TV streamers, projectors, car infotainment systems, and digital photo frames, many of which originated from China. Hackers gain access to home networks by preloading malware or infiltrating devices during setup. The BadBox malware operates in the background, generating fraudulent ad clicks. Google is concerned about the financial burden of fake ad traffic and the impact on user trust and its reputation.

AppWizard

July 22, 2025

Threat Actors Combine Android Malware With Click Fraud Apps to Steal Login Credentials

A new wave of malicious Android Package Kit (APK) files is combining click-fraud advertising and credential theft, primarily affecting regions like Southeast Asia, Latin America, and parts of Europe. These APKs disguise themselves as casual games or clones of legitimate apps, enticing users to sideload them and bypass Google Play’s security measures. Once installed, they request excessive permissions and operate in the foreground to inflate ad impressions while capturing user credentials through convincing login forms. The malware uses a modular configuration system and communicates with an encrypted command-and-control backend. The installation process often begins with social media messages or QR codes leading to spoofed landing pages. The app can embed secondary payloads without invalidating its original signature and minimizes detection by sandboxes. By the time users notice unusual activity, the malware has already exfiltrated ad revenue and credentials.