hacker Archives

BetaBeacon

May 5, 2026

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.

BetaBeacon

May 5, 2026

ScarCruft hackers push BirdCall Android malware via game platform

APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.

AppWizard

May 4, 2026

Hacker tracks Australian police using Android app

Australian police officers can potentially be tracked through publicly available Bluetooth applications due to a design flaw in tasers and body-worn cameras manufactured by Axon. A hacker demonstrated this vulnerability by using Android apps to detect nearby Bluetooth devices, revealing the location of police equipment, including model and serial numbers. The flaw arises from the failure to implement MAC address randomization, which could enhance security. The hacker developed software capable of tracking devices from over 400 meters away, raising concerns about the potential for criminal activities targeting police. Despite warnings to various police agencies, responses indicated confidence in existing security measures, although similar risks have been noted in the US, leading to the cessation of Axon body camera use by US Border Patrol agents. The vulnerability is considered a hardware-level issue, requiring significant redesign efforts from Axon to address it.

Tech Optimizer

May 4, 2026

Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, leading to their removal from Windows systems globally. This issue arose after a Defender signature update on April 30th, with affected certificates including 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 and DDFB16CD4931C973A2037D3FC83A4D7D775D05E4. The certificates were removed from the AuthRoot store under the Registry key HKLMSOFTWAREMicrosoftSystemCertificatesAuthRootCertificates. Microsoft has addressed the issue in Security Intelligence update version 1.449.430.0, which also restored the removed certificates. The false positives were linked to detections related to a recent DigiCert breach, where threat actors obtained valid code-signing certificates used for signing malware. DigiCert revoked 60 code-signing certificates, including those linked to the "Zhong Stealer" malware campaign. The malware utilized certificates issued to companies like Lenovo and Kingston, but the certificates flagged by Microsoft Defender are root certificates and do not correspond to the revoked code-signing certificates.

AppWizard

April 29, 2026

Denuvo is finally dead: every PC game protected by the DRM can now be cracked or bypassed

A group of hackers has declared Denuvo, a digital rights management (DRM) software, as "fully useless" after successfully bypassing its protections, which have been in place since 2014. They achieved this through two main strategies: direct cracking, which removes Denuvo from games, and hypervisor bypass, which deceives Denuvo into functioning normally. These methods have been applied to games like Crimson Desert and Resident Evil Requiem. Recently, a prominent hacker announced the release of hypervisor bypasses for EA Sports games, confirming that all games using Denuvo can now be played for free.

Winsage

April 23, 2026

Get Linux on your ancient 486 Windows 95 desktop using WSL9x — very old Windows PCs can cooperatively run very modern Linux kernels

A computer enthusiast has developed a tool called WSL9x, which allows users to run contemporary Linux kernels on early versions of Windows (from Windows 95 onward) and on machines with 486 CPUs. WSL9x enables the simultaneous operation of Windows and Linux applications without relying on hardware virtualization. The architecture includes a client program, wsl.com, which manages a DOS window for the console driver. Meanwhile, the Linux community is phasing out support for the Intel 486 CPU, with developers removing related support options in the Linux kernel, marking the end of support for this processor.

Winsage

April 22, 2026

You can now run WSL on Windows 95, in case you’re crazy, too

Hailey has developed the Windows 9x Subsystem for Linux (WSL9x), which allows the 6.19 Linux kernel to run on Windows 9x systems without a graphical user interface, relying instead on a terminal experience. WSL9x consists of three main components: a modified Linux kernel that interacts with Windows 9x APIs, a virtual device (VxD) driver that initializes WSL9x and manages userspace events, and a simple 16-bit DOS client for passing commands to the Linux kernel. The system handles syscalls through a general protection fault handler due to limitations in the Win9x architecture. However, this setup poses security risks as both the Linux kernel and Windows kernel operate with the same CPU privileges, meaning instability could occur if either crashes. Comprehensive instructions for installation are available on Hailey's Codeberg page.

AppWizard

April 21, 2026

Europe is abandoning WhatsApp and Signal: Why governments are introducing their own messaging apps

European officials are transitioning from messaging platforms like WhatsApp and Signal to state-controlled applications to reduce reliance on US technologies. Six nations—France, Germany, Poland, the Netherlands, Luxembourg, and Belgium—are implementing secure messaging systems for sensitive communications. NATO has its own solution, and the European Commission plans to finalize its transition by year-end. This shift is driven by cybersecurity threats, particularly targeting politicians through popular apps, prompting advice to deactivate Signal groups to prevent data leaks. Belgium has developed the BEAM app, controlled by the state, for official use, offering features like end-to-end encryption and participant management. The localization trend is influenced by geopolitical dynamics and past incidents highlighting Europe’s dependence on foreign technology. Additionally, transparency issues have emerged, as reliance on private messaging services has obscured communications related to significant contracts, such as vaccine agreements.

Winsage

April 15, 2026

It has been revealed that Microsoft did not remove Copilot from Windows 11, but simply renamed it, leading to complaints from some users.

Microsoft has begun removing the Copilot button from select applications in its Windows 11 ecosystem, starting in late March 2026, as part of a strategy to integrate AI more effectively. Changes announced by Pavan Davrli on March 20, 2026, include improved taskbar customization, enhanced control over Windows Update, and performance boosts for File Explorer. The Copilot button has been removed from applications like Snipping Tool and Notepad, but the AI-powered tools remain accessible under the name "Advanced features." Users can disable the standard Copilot functionality through settings. The decision has sparked mixed reactions, with some users feeling disillusioned and expressing concerns about unnecessary AI features in essential software.

Winsage

April 13, 2026

The engineer who built Windows Task Manager in the 90s says its 80KB footprint was a feature not an accident

David Plummer, a veteran Microsoft engineer, created the original Windows Task Manager (Taskmgr.exe) in the 1990s, which had a file size of only 80KB. This small size was crucial for its functionality during system freezes. Plummer used a mutex to check if another instance of the program was running, allowing for efficient operation without complex process lists or loops. His recent reflections in early 2026 have sparked discussions about the evolution of software, particularly criticizing Windows 11 for straying from its foundational purpose and emphasizing resource efficiency. The 1990s hardware constraints forced developers to innovate, contrasting with today's environment where abundant resources allow for less efficient applications. Plummer's mutex technique is now seen as a benchmark in application design, highlighting a generational shift in development practices. The discourse around his 80KB Task Manager raises questions about the future of software procurement and the importance of memory footprint in purchasing decisions.