harmful software Archives

Tech Optimizer

June 5, 2025

Fake DocuSign and Gitcode sites are tricking victims into downloading malware – here’s what you need to know

Researchers at DomainTools Investigations (DTI) have identified counterfeit websites mimicking platforms like DocuSign and Gitcode, designed to lure users into downloading malware, specifically a remote access trojan (RAT). These fraudulent sites use tactics such as fake CAPTCHA prompts to enhance credibility and prompt users to download malicious software disguised as necessary updates. The operation employs a multi-stage downloader PowerShell script, reminiscent of older scams that alarmed users with popups about virus infections. Users are advised to be cautious with unfamiliar websites and verify the authenticity of download prompts.

Tech Optimizer

May 28, 2025

Watch out – that antivirus website could be a fake, and infecting your PC with malware

Researchers have discovered a fraudulent website, "bitdefender-download[.]com," posing as Bitdefender antivirus, which is used to distribute the VenomRAT Remote Access Trojan. The site, hosted on an Amazon S3 bucket, tricks users into downloading harmful software through an executable file named "StoreInstaller.exe," which is linked to VenomRAT and contains code from post-exploitation frameworks SilentTrinity and StormKitty stealer. VenomRAT allows cybercriminals to gain unauthorized control over Windows systems, steal sensitive information, log keystrokes, access webcams, and execute commands remotely. The primary goal of this campaign is to steal cryptocurrency by compromising credentials and crypto wallets. The investigation also found connections to other fraudulent operations impersonating banks and IT services, including the Armenian IDBank and the Royal Bank of Canada.

AppWizard

March 31, 2025

Android users ALERT! Google has an update but you need to stop installing THESE apps?

Google's AI-driven threat detection and security measures blocked approximately 2.36 million policy-violating applications from being released on the Play Store last year. In February, Google removed hundreds of malicious applications that were infecting devices with adware and malware. Over 50 times more Android malware originates from internet-sideloaded sources compared to those found on the Play Store. Google is expanding its Play Protect feature across all applications and the upcoming Android 15 will introduce live threat detection. Sophos warned about PJobRAT malware, which can steal SMS messages, contacts, and files from infected Android devices. Experts advise against sideloading apps unless their legitimacy and security are certain.

Tech Optimizer

March 27, 2025

This dangerous new Windows malware hides from your antivirus while impersonating a popular PC brand

A new strain of malware called CoffeeLoader targets Windows users by pretending to be an ASUS utility, specifically imitating ASUS's Armoury Crate. It has sophisticated evasion techniques that allow it to bypass antivirus software. Once installed, it deploys infostealers like Rhadamanthys Infostealer to extract sensitive information. CoffeeLoader operates undetected by executing code on the GPU instead of the CPU, using Call Stack Spoofing to disguise its activities, and employing Sleep Obfuscation to encrypt itself in memory when inactive. It also exploits Windows Fibers to evade detection. To protect against CoffeeLoader, users should download Armoury Crate only from the official ASUS website and be cautious of deceptive links and ads that may lead to malware installation.

AppWizard

March 26, 2025

Malicious Android Apps Evade Detection: McAfee

Cybercriminals are using Microsoft’s .NET MAUI framework to create advanced Android malware that bypasses security measures and compromises user data. A study by McAfee researchers highlights a rise in malicious apps developed with this tool since its introduction in May 2022. These apps often impersonate legitimate applications, particularly from financial institutions, and are distributed through third-party websites or alternative app stores. One example is a counterfeit app mimicking the official IndusInd Bank app, targeting users in India to extract sensitive information. Another variant targets Chinese-speaking users by disguising itself as a social networking service. The malicious apps are designed to be subtle, with harmful code concealed as blob files within the assemblies directory, making detection difficult for antivirus solutions. Hackers use multi-stage dynamic loading, where the Android executable file is loaded in three stages, each encrypted until execution. They also manipulate the AndroidManifest.xml file by adding excessive permissions, complicating analysis and detection. Additionally, attackers replace standard HTTP requests with encrypted TCP socket connections to evade security software. These evolving tactics indicate a potential increase in similar mobile malware threats in the future.

AppWizard

March 22, 2025

Nasty Android apps that steal credit cards and passwords downloaded 60 million times

Over 331 applications on the Google Play Store have been identified as potentially compromised by a widespread malware campaign, which has affected millions of Android devices. These malicious apps can steal sensitive information, including passwords and credit card details, and have accumulated over 60 million downloads globally. They often disguise themselves as benign utility applications, such as QR code scanners and fitness tools, and generate revenue through intrusive advertisements. The malware campaign began in April 2024, with many apps initially appearing benign before being updated with malicious components. Some apps can hide their icons and bypass Android security measures, making detection difficult. Victims are primarily located in Brazil, the United States, Mexico, Turkey, and South Korea. Despite Google's efforts to remove many of these apps, some remain active, and users must take proactive measures to protect their devices.

Winsage

March 8, 2025

Free Alternatives to Paid Windows Software

Windows operating systems often require third-party software for specialized tasks, with free alternatives available to replace paid options. 1. BleachBit is used for system cleaning as a free substitute for CCleaner Pro, effectively enhancing PC performance by removing unnecessary data without tampering with the Windows Registry. 2. Bulk Crap Uninstaller (BCUninstaller) is a free tool for uninstalling programs and bloatware, scanning for leftover files and simplifying the cleanup process with filtering options and color-coded listings. 3. Google Docs is preferred over Microsoft 365 for its user-friendly nature and free 15 GB storage per Gmail account, while LibreOffice is recommended as an alternative for standalone applications. 4. GIMP serves as a free substitute for Adobe Photoshop, offering essential graphic design tools without being resource-intensive. 5. Kdenlive is a free video editor that meets basic video editing needs and is compatible with lower-end PCs, providing a comprehensive suite of features and regular updates. 6. Audacity is used for audio editing, capable of handling both basic and professional tasks, with tools for noise elimination and vocal enhancement. 7. 7-Zip is a lightweight file compression and archiving tool that offers superior compression capabilities and password protection, operating unobtrusively in the background.

Tech Optimizer

March 5, 2025

Cybercriminals are distributing a miner disguised as a restriction-bypassing toolCybercriminals are distributing a miner disguised as a restriction-bypassing tool

In recent months, the use of Windows Packet Divert drivers in Russia has surged, nearly doubling between August 2023 and January 2024, primarily for tools that bypass access restrictions to foreign resources. Cybercriminals are exploiting this trend by distributing malware disguised as these tools, with some bloggers unknowingly promoting such malicious programs. An investigation revealed that a YouTube channel with 60,000 subscribers posted videos on bypassing restrictions, linking to a malicious archive that had been downloaded over 40,000 times. The malware, a variant of SilentCryptoMiner, is designed to mine cryptocurrencies while evading detection. Users are advised to ensure their devices have trusted protection, avoid obscure downloads, and be cautious of even reputable bloggers who may inadvertently share malware.

Winsage

February 27, 2025

Windows 11 pirates have a new and unlikely ally

Microsoft Copilot has begun sharing a method to activate Windows 11 without a legitimate license, a process that has been circulating since 2022. Users have successfully reproduced this activation method by executing a script provided by Copilot. However, Copilot includes a warning about the risks associated with using such scripts, which may violate Microsoft's terms of service and lead to legal repercussions. The risks highlighted include potential legal issues, security risks from malware, system instability, lack of official support, inability to receive updates, and ethical concerns regarding software piracy.

Tech Optimizer

February 19, 2025

Trojanized game PirateFi discovered on Steam

Free downloads from torrent trackers pose significant risks of malware, prompting security solutions to quarantine suspicious files. A recent incident involved the game PirateFi, which was removed from Steam after being flagged for harboring malware that stole browser cookies and compromised online accounts. The game attracted minimal attention, with around 1,500 downloads and reports of unauthorized transactions among players. Valve advised users to run security scans and suggested reformatting their operating systems, which confused many. The developers, Seaworth Interactive, raised suspicions due to their promotional tactics. Malware incidents on Steam are not new, with past cases like Dynostopia affecting players. Gamers are advised to avoid cheats, choose well-reviewed games, and install dedicated gaming antimalware for protection. Kaspersky Premium offers a gaming mode that minimizes interruptions during gameplay.