growing threat

AppWizard
May 13, 2025
Google has announced updates to enhance security and privacy for Android users, including:
- Enhanced scam protection for calls and text messages.
- Updated Factory Reset protections limiting phone functionality if reset without owner consent.
- Upgraded Live Threat Detection in Google Play Services to identify malicious applications.
- Introduction of the Key Verifier feature for verifying identities in conversations using public encryption keys, launching this summer for Android 10 and higher.
- Expansion of the Identity Check feature to more devices with the upcoming Android 16 release.
- Concealment of one-time passwords on the lock screen in Android 16.
- Extension of the Advanced Protection program to a broader audience.
- Rollout of live threat detection capabilities in Google Play Protect for Pixel 6 and newer devices and other smartphones.
- Announcement of Google I/O 2025 scheduled for May 20 at 10 am PT (1 pm ET).
AppWizard
May 9, 2025
Kaleidoscope is an ad-fraud attack targeting Android users by exploiting legitimate applications on the Google Play Store and offering malicious duplicates through third-party app stores. Approximately 2.5 million devices are affected monthly, with 20% of incidents occurring in India; other impacted regions include Indonesia, the Philippines, and Brazil. Users unknowingly download legitimate-looking apps while malicious versions circulate elsewhere, leading to intrusive advertisements that disrupt the user experience and generate revenue for cybercriminals. Google has removed flagged titles from the Play Store and is enhancing protections, but ad resellers often fail to properly vet their inventory. The adware causes device overheating, rapid battery drain, and sluggish performance, highlighting the need for user vigilance.
AppWizard
April 25, 2025
Recent findings from cybersecurity experts at ESET revealed that several Android applications, disguised as harmless tools, have been secretly recording conversations and stealing sensitive data. These malicious apps infiltrated devices through the Google Play Store and third-party platforms, compromising the privacy of thousands of users. One tactic used by cybercriminals involved romantic deception, where victims were coaxed into downloading a seemingly harmless messaging app containing the VajraSpy Trojan, which activated upon installation to record conversations and harvest personal data. The identified malicious apps fall into three categories:
1. Standard Messaging Apps with Hidden Trojans: These apps, including Hello Chat, MeetMe, and Chit Chat, request access to personal data and operate silently in the background, stealing contacts, SMS messages, call logs, device location, and installed app lists.
2. Apps Exploiting Accessibility Features: Apps like Wave Chat exploit Android’s accessibility features to intercept communications from secure platforms and record phone calls, keystrokes, and ambient sounds.
3. Single Non-Messaging App: Nidus, a news app, requests a phone number for sign-in and collects contacts and files, increasing the risk of data theft.
The 12 malicious Android apps identified include: Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six apps were available on the Google Play Store and had over 1,400 downloads before removal. Users are advised to uninstall these apps immediately to protect their personal data.
Winsage
February 19, 2025
Recent reports indicate a surge in the activity of the Snake keylogger, also known as the 404 Keylogger, linked to over 280 million attack attempts since the start of the year. At its peak, it was responsible for as many as 14 million infection attempts in a single day. The malware can log keystrokes and extract personally identifiable information, including geolocation data, transmitting this data back to its command server through channels such as SMTP, Telegram bots, and HTTP POST requests. The Snake keylogger is built on the AutoIt framework and creates a copy of itself in the Windows Startup folder to ensure execution on every system restart. It employs advanced obfuscation techniques to evade detection by antivirus software, hiding its malicious code within processes the operating system recognizes as legitimate. The keylogger primarily spreads through sophisticated phishing attacks.
Tech Optimizer
February 17, 2025
Apple devices, particularly Macs, are facing an increase in cyberattacks, with a new wave of sophisticated malware targeting sensitive data. The emergence of Atomic Stealer (AMOS) in mid-2023 marked a shift from less harmful adware to more serious threats, with AMOS being marketed as a user-friendly service. By mid-2024, Poseidon had become the leading Mac information stealer, responsible for 70% of infections and capable of draining various cryptocurrency wallets and capturing sensitive credentials. Cybercriminals are also using malvertising to lure users into downloading disguised malware. Android users face an even more severe situation, with a significant rise in phishing attacks. In 2024, researchers identified 22,800 malicious apps designed for phishing, along with thousands capable of reading one-time passwords (OTPs). These apps often mimic legitimate software and can easily infiltrate app stores, including Google Play. While Google Play Protect offers some malware protection, it is not entirely effective. To protect against malware threats, it is recommended to use strong antivirus software, be cautious with downloads and links, keep software updated, use strong and unique passwords, and enable two-factor authentication (2FA) for critical accounts.
Tech Optimizer
February 3, 2025
Researchers from c/side have discovered a widespread campaign targeting WordPress sites, resulting in over 10,000 compromised sites that distribute info-stealing malware. The attack exploits outdated versions of WordPress and its plugins, employing a "spray and pay" method that affects anyone visiting the infected sites. Users encounter a fake Chrome browser page prompting them to download a malicious update, which steals personal information such as passwords. The malware includes Atomic Stealer, targeting macOS users, and SocGholish, aimed at Windows systems. To protect against these threats, users should verify download sources, keep software updated, use password managers, and consider identity theft protection services.
AppWizard
February 2, 2025
In 2024, Google blocked 2.36 million potentially dangerous Android apps from the Play Store, including those that breached policies or were flagged as malicious through AI-assisted reviews. New security features included improved biometric authentication and passkeys. AI-driven threat detection technology automated 92% of human assessments, enhancing the identification of malicious apps. Google expanded its Play SDK database with 80 new reliable SDKs and prevented 1.3 million apps from accessing sensitive user information. The Play Protect system detected over 13 million new malicious apps from outside the Play Store. Google expanded its untrusted APK installation blocking system to Brazil, India, Nigeria, and South Africa. Recommendations for users included installing apps from trusted sources and regularly reviewing app permissions.
Winsage
December 17, 2024
The Securonix Threat Research team has identified a phishing campaign called the “FLUX#CONSOLE campaign,” which uses tax-related themes and Microsoft Common Console Document (MSC) files to deliver a backdoor payload. The attack begins with a phishing email containing a decoy PDF titled “Income-Tax-Deduction-and-Rebates202441712.pdf,” which is in fact an MSC file that executes malicious payloads. The campaign employs various tactics, including tax-themed lures, exploitation of MSC files, DLL sideloading using DISM.exe, persistence through scheduled tasks, and advanced obfuscation techniques. The attack chain involves tricking users into opening a malicious MSC file disguised as a PDF, which contains XML commands to download or extract a malicious DLL named DismCore.dll. The DLL is sideloaded using DISM.exe, and the malware communicates with a command-and-control server at “hxxps://siasat[.]top,” exfiltrating data via encrypted HTTPS traffic. The attackers maintained access for about 24 hours, targeting victims in Pakistan. The tactics used do not align with known advanced persistent threat groups, highlighting the growing threat of MSC files as a delivery method for malware. Indicators of Compromise (IOCs) include the C2 address siasat[.]top and the analyzed file hashes for the malicious files involved in the campaign.