Google Chrome Archives

Tech Optimizer

November 17, 2025

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

The threat actor Dragon Breath, also known as APT-Q-27 and Golden Eye, has been observed using a multi-stage loader called RONINGLOADER to deploy a modified variant of the remote access trojan Gh0st RAT, primarily targeting Chinese-speaking users. The campaign employs trojanized NSIS installers disguised as legitimate applications, such as Google Chrome and Microsoft Teams. The infection chain utilizes various evasion techniques, including a legitimately signed driver, custom Windows Defender Application Control policies, and manipulation of the Microsoft Defender binary. RONINGLOADER's attack chain involves delivering a DLL and an encrypted file labeled "tp.png," which contains shellcode. It attempts to neutralize security products by terminating processes associated with popular antivirus solutions in the region. Specific actions are taken against Qihoo 360 Total Security, including blocking network communication, injecting shellcode into the Volume Shadow Copy service, and restoring firewall settings. For other security processes, RONINGLOADER directly writes a driver to disk to perform process termination. The malware aims to inject a rogue DLL into "regsvr32.exe" to conceal its activities and launch a next-stage payload into high-privilege system processes. The final payload is a modified version of Gh0st RAT, capable of communicating with a remote server, configuring Windows Registry keys, clearing Windows Event logs, and capturing keystrokes and clipboard contents. Additionally, two interconnected malware campaigns identified by Palo Alto Networks Unit 42 employed brand impersonation to deliver Gh0st RAT to Chinese-speaking users. The first campaign, Campaign Trio, occurred between February and March 2025, while the second, Campaign Chorus, detected in May 2025, impersonated over 40 applications. Both campaigns utilized complex infection chains and trojanized installers hosted on domains that circumvented network filters. The second campaign also involved an embedded Visual Basic Script for launching the final payload through DLL side-loading.

Tech Optimizer

November 15, 2025

RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools

A new malware called RONINGLOADER specifically targets Chinese users and can disable security tools. It operates as a multi-stage loader that spreads a modified version of gh0st RAT and bypasses antivirus protections. RONINGLOADER infiltrates systems through fake software installers that mimic legitimate applications like Google Chrome and Microsoft Teams. Once inside, it disables Windows Defender and Chinese security solutions such as Qihoo 360 Total Security and Huorong. The malware uses a signed driver that appears legitimate to Windows but is designed to terminate security processes. If one method of disabling security fails, RONINGLOADER has multiple fallback strategies. The Dragon Breath APT group is behind this campaign, having refined their techniques based on previous operations. The infection begins with a trojanized NSIS installer that drops components onto the victim's system. One installer deploys genuine software, while the other initiates the attack chain. RONINGLOADER creates a directory at C:Program FilesSnieoatwtregoable and deposits two files: Snieoatwtregoable.dll and an encrypted file named tp.png. The DLL decrypts tp.png using XOR encryption and a rotation operation, then loads new system libraries to eliminate security hooks. It elevates privileges using the runas command and scans for active security software, specifically targeting Microsoft Defender, Kingsoft Internet Security, Tencent PC Manager, and Qihoo 360 Total Security. To terminate these processes, it uses a signed driver named ollama.sys, which is digitally signed by Kunming Wuqi E-commerce Co., Ltd. This driver can terminate processes using kernel-level APIs that standard security tools cannot intercept. Additionally, RONINGLOADER blocks network connections for Qihoo 360 before injecting code into the Volume Shadow Copy service process, utilizing Windows thread pools with file write triggers to evade detection.

Winsage

November 12, 2025

Microsoft may have a ‘gift card plan’ to stop Windows users from choosing Google Chrome over Edge – The Times of India

Microsoft is promoting its Bing search engine and Edge browser by offering Windows users 1,300 Rewards points to discourage them from using competitors like Google Chrome. When users search for "Chrome" on Bing, they see ads for Edge that highlight the opportunity to earn these points, which can be redeemed for gift cards or donated to non-profits. The ads specifically target Chrome users, with no similar promotions for other browsers like Opera or Firefox. The Browser Choice Alliance has criticized Microsoft for incentivizing users instead of competing fairly. Additionally, Microsoft runs ads for Edge every two weeks, promoting it as a superior option that uses Chromium technology, offers Microsoft Rewards points, and features like a VPN, while also showcasing AI personalization capabilities.

Winsage

November 12, 2025

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

On November 12, 2025, Microsoft released patches for 63 vulnerabilities, including four classified as Critical and 59 as Important. Notably, CVE-2025-62215, a privilege escalation flaw in the Windows Kernel with a CVSS score of 7.0, is actively exploited. This vulnerability allows an authorized attacker to elevate privileges locally through a race condition. Additionally, Microsoft patched two heap-based buffer overflow vulnerabilities (CVE-2025-60724 and CVE-2025-62220) with CVSS scores of 9.8 and 8.8, respectively, which could lead to remote code execution. Another significant vulnerability is CVE-2025-60704, a privilege escalation flaw in Windows Kerberos with a CVSS score of 7.5, enabling attackers to impersonate users and control a domain. Other vendors, including Adobe, Amazon Web Services, and Apple, also released security updates addressing various vulnerabilities.

Winsage

November 11, 2025

Microsoft may soon ‘bribe’ users for choosing Edge over Google Chrome: here’s how

Microsoft is offering 1,300 Microsoft Rewards points to users who search for "Chrome" on Bing, encouraging them to try Microsoft Edge instead. This promotion is exclusive to searches for Chrome and does not apply to other browsers like Opera or Brave. Google Chrome holds a 69.3% share of the PC browser market, while Edge has 15.48%. The advertisement for Edge highlights its features, including a built-in VPN, rewards, Microsoft Recommend, and AI personalization, but the expected increase in user adoption has not yet occurred.

Winsage

November 11, 2025

The 7 apps I always install first on a Windows 11 PC — and they’re all FREE

PowerToys is an open-source collection of utilities that enhances productivity for Windows 11 users, featuring tools like FancyZones for window management and Image Resizer. Google Chrome is a popular web browser known for its synchronization across devices. Steam is a primary gaming platform with a robust library and the ability to stream games to a Steam Deck. The Heroic Games Launcher is a third-party alternative to the Epic Games Launcher, offering customizable features and support for GOG and Amazon Games libraries. GIMP is a powerful open-source photo editing tool that provides advanced features without the cost of commercial software. The Windows Subsystem for Linux (WSL) allows seamless integration between Windows and Linux, supporting applications like Docker Desktop and Visual Studio Code. Spotify is used for audio entertainment, helping users maintain focus during work. Tools like Ninite, the Microsoft Store, and winget streamline the installation of applications on Windows 11, with winstall.app providing a user-friendly interface for generating installation scripts.

Winsage

November 11, 2025

‘Real Cash Value’—How Windows Users Get Microsoft’s Free New Offer

Microsoft is offering Rewards points to Chrome users who switch to its Edge browser, allowing them to earn 1,300 points redeemable for gift cards, including Amazon. This promotion appears when users search for "Chrome" on Bing. The Browser Choice Alliance, representing various browsers, has criticized this initiative, claiming it employs manipulative tactics to encourage users to adopt Edge, including forced resets and misleading prompts. They argue that Microsoft is prioritizing financial incentives over fair competition and manipulating the default browser selection process. Chrome holds a 78% market share, while Edge has nearly 9%. Microsoft has not publicly responded to these criticisms.

Winsage

November 10, 2025

Splitting Panes in Windows Powershell The Most Overlooked Feature

In Windows PowerShell, users can split panes within a single window or tab to enhance navigation and multitasking. An informal survey indicated that only about 20% of users were aware of this feature. Users can initiate a split by pressing Shift + Alt followed by either the + or - key, or by using the split tab function in the command menu. Shift + Alt + creates a horizontal split, while Shift + Alt - creates a vertical split. Closing a pane is done with Shift + Control + W, and duplicating a pane can be achieved with Shift + Alt + D. Users can also resize panes using Shift + Alt in combination with direction keys. This feature is beneficial for managing multiple outputs and can be incorporated into scripts.

AppWizard

November 9, 2025

12 apps I urge non-techies to install on their Android phones

The preinstalled Android apps on smartphones may not meet the needs of all users, especially those who are less tech-savvy. Alternative apps can enhance the smartphone experience. TeamViewer allows remote troubleshooting by connecting to others' devices for assistance. Vivaldi offers a customizable browsing experience with ad-blocking and privacy features, while Microsoft Edge is a good option for Windows users. Google Wallet simplifies mobile payments and serves as a digital wallet for various cards. Nobook is a lightweight alternative to the Facebook app, providing faster load times and a streamlined experience. Bitwarden is a password manager that securely stores passwords with one master password, promoting the use of complex passwords. Google Authenticator provides multi-factor authentication by storing 2FA codes securely. Localsend facilitates large file transfers over Wi-Fi networks. Google Photos offers 15GB of free storage for image backup, and Google Gallery helps manage images easily. Tubular provides an ad-free YouTube experience, while Files by Google simplifies file management with categorization and a secure Safe Folder. Gboard enhances typing efficiency with features like autocomplete and swipe typing.

AppWizard

November 6, 2025

Here’s what the redesigned Google Photos and Maps icons look like

Google is updating the icons for its Maps and Photos applications, moving away from the traditional four-color palette to a gradient color redesign. The Photos app will have a more minimalistic change with slightly wider petals, while the Maps icon will undergo a more significant transformation, appearing stout with a seamless blend of colors. These updates reflect a broader branding strategy initiated in May, aligning with the introduction of a new "G" logo. The updated icons were first observed on the Apple App Store, suggesting they will soon be available on the Play Store.