hackers Archives

AppWizard

May 26, 2026

Is your phone bill higher? 200+ Android apps might secretly be stealing money from you

A new type of malware has emerged that targets smartphone users by inflating phone bills through unauthorized carrier subscriptions. Discovered by cybersecurity firm Zimperium, this operation involves nearly 250 counterfeit Android applications that impersonate popular apps like TikTok and Instagram. Once downloaded, the malware uses advanced techniques such as JavaScript injection and SIM card access to enroll users in fictitious premium services without their knowledge. The scam has primarily affected users in Malaysia, Romania, Thailand, and Croatia, with Malaysia accounting for 85% of the victims. Google has confirmed that these malicious apps are not available on the Play Store and that users are protected by Google Play Protect. Despite a peak in activity in September 2025, parts of the scam's infrastructure remain operational, with the last recorded activity in January 2026. Users are advised to practice online security measures to protect their personal data.

AppWizard

May 25, 2026

Over 200 Fake Android Apps Are Quietly Stealing Money From Phone Bills

Zimperium identified a sophisticated malware campaign that exploited nearly 250 Android applications, posing as popular games and social media platforms. The malware ensnared users into premium subscription services without consent, using techniques like JavaScript injection and interception of one-time passwords. The campaign primarily targeted users in Malaysia, Romania, Thailand, and Croatia, with the malware capable of reading SIM cards and activating for specific mobile carriers. Zimperium first detected the scam in March 2025 and monitored it until at least January 2026. Google stated that none of the compromised applications were available on its app store and emphasized that Android users are protected by Google Play Protect. The hackers deployed three malware variants, with the first using an automated subscription engine, the second targeting users in Thailand with premium SMS messages, and the third combining SMS fraud with real-time notifications to attackers via Telegram. The campaign primarily affected Malaysian SIM card users, with significant activity also in Thailand and Romania. Despite the campaign's last known activity in January, parts of its infrastructure remain operational. The attacks highlight vulnerabilities in application security and the challenges of policing app downloads from third-party marketplaces.

AppWizard

May 22, 2026

Valorant’s new Vanguard update seems to be bricking cheaters’ PCs. Riot’s response? “Congrats on your $6k paperweights”

Riot Games' Vanguard anti-cheat system, introduced with Valorant and later integrated into League of Legends in 2024, operates at a kernel level, raising concerns about potential damage to players' PCs. Issues arose when streamer Nick 'LS' De Cesare experienced computer problems after a Vanguard update. The latest version of Vanguard reportedly made some cheaters' computers inoperable, requiring a complete operating system reinstall. Players must have Vanguard installed to access Riot's games, and the system now blocks most DMA firmware, which is used to mask cheats. Vanguard can activate even without Valorant installed, and if it detects DMA firmware, the only solution is a Windows reinstall. Riot Games acknowledged the complaints humorously, highlighting the frustrations of affected users. The kernel-level operation of Vanguard raises concerns about the risk of damaging personal computers due to misidentification, and legal discussions about its implications are ongoing. Players who do not want to use Vanguard cannot access Riot's games.

TrendTechie

May 21, 2026

007 First Light рискует оказаться на торрентах до официального релиза

The game 007 First Light is set to launch on May 27, but there are concerns about it being leaked onto torrent sites before its release. Players who pre-order the game can start playing 24 hours earlier than the general public, increasing the risk of piracy. Recent trends show an increase in fully functional pirated versions of major games appearing before their official launches, including titles like Pragmata and Death Stranding 2. There is no confirmed information about the use of the anti-piracy system Denuvo on Steam, and even with such protections, hackers have been able to bypass them. Factors contributing to early availability of game builds to hackers include failures in pre-loading systems and actions by reviewers. Even if a game avoids leaks initially, it is likely to be pirated eventually.

Winsage

May 15, 2026

Microsoft’s MDASH AI found 16 critical Windows flaws before hackers could exploit them

Microsoft is enhancing its cybersecurity measures by integrating advanced technologies such as artificial intelligence and machine learning to improve real-time threat detection and response. The company offers comprehensive security solutions for various IT infrastructure aspects and fosters collaboration with other tech firms and government entities to share intelligence on emerging threats. This proactive approach aims to empower organizations worldwide to strengthen their defenses against cyberattacks.

TrendTechie

May 13, 2026

На торренты слили Subnautica 2, но это старый билд

Some players have experienced outdated versions of Subnautica 2 ahead of its anticipated release on May 14. A leak has occurred, distributing older builds of the game online, leading to various theories about its source. Unknown Worlds Entertainment has confirmed the leak, stating that the circulating builds are incomplete and do not represent the final game. They warned that these unofficial builds may contain bugs and cannot be verified for safety or stability. The official release will differ significantly from the leaked versions and will launch in an "early access" format, with plans for ongoing updates and new features.

Winsage

May 12, 2026

Hackers Can Hide Malware Inside Images to Hack Windows

Researchers at Cyfirma have identified a cyberattack campaign named Operation SilentCanvas that targets Windows systems using deceptive JPEG files to infiltrate devices. The attack begins with victims receiving a file named sysupdate.jpeg, which contains a PowerShell script instead of an image. This script establishes staging environments and downloads additional malicious components while avoiding detection. The malware reconstructs command strings at runtime and downloads a secondary payload called access.jpeg, executed in memory. It exploits Microsoft's .NET compiler to create a custom launcher named uds.exe on infected machines. The malware takes control of a registry key to create a hidden desktop environment for undetected execution of malicious tools and installs a persistent Windows service, OneDriveServers, to maintain activity after reboots. Additionally, it can intercept usernames and passwords at the Windows login screen and create hidden local administrator accounts for long-term access. Security teams are advised to monitor the execution of commonly abused Windows binaries like csc.exe and ComputerDefaults.exe to mitigate risks.

BetaBeacon

May 6, 2026

North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware

North Korean hackers targeted ethnic Koreans in China with a malware disguised as a popular Android mobile game called BirdCall, allowing them to steal personal data from victims.

AppWizard

May 5, 2026

FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware

A fraud network called FEMITBOT has emerged, using Telegram's Mini App feature to conduct investment scams and distribute malware. Identified by the research firm CTM360, the network operates through API responses and presents itself as organized. The scams involve Telegram Mini Apps that display phishing pages, fake dashboards showing fictitious earnings, and urgency tactics to pressure users into making quick decisions. FEMITBOT mimics well-known brands like Apple and Coca-Cola to enhance credibility and disseminates Android malware disguised as legitimate applications. The operation is highly organized, utilizing marketing tools to optimize their scams. Users are warned to be cautious of bots requesting deposits before granting access to funds.

BetaBeacon

May 5, 2026

ScarCruft hackers push BirdCall Android malware via game platform

APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.