fraud Archives

AppWizard

May 22, 2026

InPVP acquires Feather Client, rebrands as Dawn

InPVP has acquired Feather Client, a third-party Minecraft launcher, focusing on its in-game technology rather than the launcher itself. The acquisition was announced by InPVP owner Mohamed “PizzaMC” Weheba at the UGCon conference in Las Vegas. Feather Client’s parent company, Silentstack, will launch a new launcher called Dawn. Weheba clarified that the acquisition involves a sale of assets without taking on previous liabilities. The acquisition follows allegations of ad fraud against Feather Client. Weheba plans to reduce reliance on ad monetization and focus on direct-to-consumer revenue streams, including the sale of cosmetics and in-game items. He aims to enhance user experience with features like a profanity filter for voice chat and plans to collaborate with the competitive Minecraft organization MCPVP for tournaments. Aditude, Feather's former ad tech provider, has resumed its partnership with Dawn, expressing confidence in Weheba's leadership and the new direction of the project.

Tech Optimizer

May 21, 2026

Bitdefender review: The ultimate antivirus software for all-round protection

Bitdefender is an antivirus software that offers various plans for consumers, families, and businesses, with the Ultimate Security plan being particularly notable. The software features a user-friendly interface, anti-theft and anti-scam capabilities, a VPN, and identity protection services. Pricing for consumer plans starts at .99 for Bitdefender Total Security, .99 for Premium Security, and .99 for Ultimate Security. For small businesses, the Ultimate Small Business Security Plan starts at .99 for three users, scaling up to 9.99 for 25 users. The GravityZone Small Business Security plan costs 9.99 for five devices, with the GravityZone Business Security Plan priced at 9.99. Bitdefender Total Security has received a perfect score of 6/6 from AV Test for Protection, Performance, and Usability, and an AAA rating from SE Labs. The software installation is straightforward, and it performs scans efficiently without impacting system performance. It includes features like Scam Protection Pro, Vulnerability Scan, and identity theft protection, with continuous monitoring of the dark web. Customer support is available 24/7 via email, chat, or phone, and there is a dedicated B2B help center for businesses.

AppWizard

May 21, 2026

Binance’s Android app privacy fight is back in the spotlight

Binance is facing scrutiny regarding the data collection practices of its Android app, which some users believe functions more as a data collection tool than a trading platform. Concerns have been raised about the app's extensive permissions and tracking capabilities, with a report indicating the presence of numerous tracking components, including SDKs from TikTok and WeChat, and over 50 system permissions. Binance's privacy portal states that data is collected for account management, security, marketing, fraud prevention, and legal compliance. Despite this, there are questions about whether the data collection practices are proportionate to the app's intended functions. Binance has a history of legal issues, including a guilty plea in November 2023 that resulted in a .32 billion penalty for anti-money laundering violations. The exchange claims to tailor its privacy framework to regional regulations, but user concerns about the app's tracking capabilities persist. As of early 2026, Binance has over 300 million registered users, making any privacy-related disputes potentially impactful. The ongoing scrutiny may lead to gradual adjustments in Binance's practices rather than a complete overhaul.

AppWizard

May 20, 2026

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

Cybersecurity researchers have identified an ad fraud and malvertising operation called Trapdoor, targeting Android users with 455 malicious applications and 183 command-and-control domains. Users often download these disguised apps, which initiate malvertising campaigns and lead to further downloads of malicious applications. At its peak, Trapdoor generated 659 million bid requests daily, with over 24 million downloads of the associated apps, primarily from the United States. The operation exploits install attribution tools to activate malicious activities only for users acquired through fraudulent ad campaigns, while suppressing such behavior for organic downloads. Trapdoor employs advanced evasion techniques, including obfuscation and impersonation of legitimate software, to avoid detection. Google has removed the identified malicious apps from the Play Store in response to the threat.

Tech Optimizer

May 19, 2026

Gen Digital stock (US36870C1018): cybersecurity player in focus after latest quarterly results

Gen Digital Inc, headquartered in Tempe, United States, operates in the cybersecurity and consumer digital protection sector. The company primarily generates revenue through subscriptions for its security, identity, and privacy software, with its brands including Norton and Avast. Gen Digital's subscription contracts typically renew annually or multi-yearly, contributing to predictable cash flows. The company has expanded its offerings post-acquisition of Avast, providing services such as antivirus protection, password management, VPN services, and identity monitoring. The majority of Gen Digital's revenue comes from consumer security solutions, with significant contributions from identity theft protection and privacy services. The company sees growth opportunities through cross-selling additional services to existing customers and has a strong presence in the U.S. and developed markets like Western Europe and Japan. Partnerships with device manufacturers and retailers are crucial for customer acquisition. The cybersecurity landscape is evolving, with increasing demand for consumer-focused protection due to rising awareness of identity theft and data breaches. However, Gen Digital faces competition from both paid and free antivirus solutions, requiring continuous innovation. Regulatory developments in data protection laws also impact the industry. Gen Digital employs artificial intelligence and machine learning for threat detection, enhancing its capabilities in response to evolving threats. For U.S. investors, Gen Digital represents an opportunity in consumer cybersecurity, with its stock traded on Nasdaq under the ticker GEN. The company's subscription-based revenue model is closely monitored for cash flow generation and renewal rates, while its performance is influenced by economic conditions and consumer confidence. Investors also consider Gen Digital’s capital allocation strategy, including dividends and share repurchases, which can affect stock performance.

AppWizard

May 12, 2026

TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps

TrickMo, an Android banking malware, has re-emerged with enhanced stealth and operational capabilities, targeting banking, fintech, wallet, and authenticator apps. It retains its core device takeover abilities while improving stealth, persistence, and flexibility. The malware persuades users to grant accessibility permissions, allowing full remote control, including real-time screen viewing. A significant advancement is its shift to The Open Network (TON) for command-and-control communication, complicating takedown efforts. TrickMo has been actively deployed in France, Italy, and Austria since early 2026, using fake login overlays to capture credentials while recording user activity. It communicates through .adnl endpoints within the TON network and employs DNS-over-HTTPS for encrypted DNS queries. The malware's modular design includes a primary application as a loader and a dynamically loaded APK module called “dex.module” for malicious capabilities. It features network reconnaissance and tunneling capabilities, allowing commands like HTTP probing and establishing SSH tunnels, which can bypass fraud detection systems. Dormant features suggest potential for future capabilities without altering the core application. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo's various components.

AppWizard

May 11, 2026

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

Modern Android banking malware is evolving with architectural enhancements for increased stealth, resilience, and operational flexibility. In early 2026, a new variant of the TrickMo Android banking trojan was identified, actively targeting banking and wallet users in France, Italy, and Austria. This variant has replaced its predecessor in ongoing campaigns and has transitioned its command-and-control traffic to The Open Network (TON). Key features of the new TrickMo variant include: - The primary command-and-control channel now operates over TON, utilizing .adnl endpoints through an embedded local TON proxy. - It employs a runtime-loaded APK (dex.module) with enhanced functionalities, including reconnaissance, SSH tunneling, and SOCKS5 proxying, allowing infected devices to act as network pivots. - TrickMo is classified as Device Take Over (DTO) malware, targeting banking, fintech, wallet, and authenticator applications on Android devices. - Operators gain control over infected devices through accessibility-service permissions, enabling capabilities such as credential phishing, keylogging, screen recording, remote control, and SMS interception. The new variant features a modular architecture with a host APK functioning as a launcher and persistence layer, while offensive capabilities are delivered through the dynamically loaded dex.module. Significant enhancements include network reconnaissance commands (curl, dnslookup, ping, telnet, traceroute) and socket-level tunneling via an embedded SSH client. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo dropper applications and host applications. The malware retains unused permissions for NFC capabilities, suggesting a strategic approach to device filtering.

AppWizard

May 11, 2026

28 Android apps delivering bogus information were installed 7 million times from Google Play Store

The CallPhantom apps achieved 7.3 million installations on the Google Play Store but provided users with randomly generated data instead of legitimate information. ESET, part of the App Defense Alliance, discovered the deceptive nature of these apps and reported them to Google, leading to their removal. Some of the 28 identified apps had bypassed the official billing system, complicating refund processes. The investigation began with an app called Call History of Any Number, which falsely claimed to provide call histories for any number, despite being associated with a misleading developer name, Indian gov.in. The apps produced fabricated call histories by generating random phone numbers paired with fixed names and call details. They primarily targeted Android users in India and utilized the widely used UPI payment system. User comments in the Play Store warned others about the fraudulent nature of the service. The apps also employed tactics to lure users into paying for non-existent data, including fake email notifications prompting users to subscribe.

AppWizard

May 9, 2026

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Cybersecurity researchers from ESET have discovered 28 fraudulent applications on the Google Play Store that falsely claimed to provide access to call histories for any phone number. These apps have been downloaded over 7.3 million times, with one app alone accounting for over 3 million downloads. The operation, named CallPhantom, primarily targeted Android users in India and the Asia-Pacific region. Users were lured into subscription services, paying for access to fictitious data, including call histories and SMS records, but received only randomly generated information. Some apps were published under the developer name "Indian gov.in" to create a false sense of trust. Payments were processed through the Google Play Store or third-party applications like Google Pay and Paytm. Users who subscribed via Google Play may be eligible for refunds, while those who used third-party payment methods may not be able to recover their funds. The fraudulent activity may have been ongoing since at least November 2025.

AppWizard

May 8, 2026

Meta can see your Instagram messages now, and it’s time to stop using it

Instagram has removed end-to-end encryption from its direct messaging feature, meaning messages are no longer fully private. Meta can access and analyze message content for moderation, citing low adoption rates and safety concerns as reasons for this decision. The change took effect on May 8, 2026, and allows Meta to combat issues like child exploitation, fraud, and harassment. Users can download their chats, but ongoing conversations are not protected by encryption. Meta suggests users transition to WhatsApp for continued end-to-end encryption.