impersonation Archives

AppWizard

April 18, 2025

Perplexity’s Android App Is Infested With Security Flaws, Report Finds

Perplexity has launched a promotional campaign called “Ask like a millionaire,” offering a million-dollar prize to users who download its app, refer friends, and engage with it during the Super Bowl. However, the Android app is facing scrutiny due to significant security vulnerabilities, including issues that could lead to data theft and account takeovers. A report from Appknox reveals that the app's API can be accessed without restriction, and the code contains hardcoded secrets, making it easy for attackers to create counterfeit versions of the app. The app is also vulnerable to task hijacking, which could allow unauthorized access to sensitive data. Perplexity, founded in 2022, has raised 0 million in venture capital and has over 10 million downloads. The company is exploring partnerships with smartphone manufacturers and has faced criticism for alleged copyright infringement. Security experts advise users to consider removing the app until the issues are resolved.

Winsage

March 18, 2025

Microsoft Warns Windows Users—Change Your Browser As New Attacks Underway

Microsoft has issued a warning to Chrome users about a new remote access trojan called StilachiRAT, which can exfiltrate sensitive information such as stored credentials and digital wallet data. StilachiRAT can scan for configuration data across 20 cryptocurrency wallet extensions in Chrome and can extract and decrypt saved usernames and passwords. The malware can also monitor Remote Desktop Protocol (RDP) sessions, capture active window information, and impersonate users to gain unauthorized access to networks. Microsoft recommends that users switch to its Edge browser or other browsers with SmartScreen technology to enhance security. Additionally, users are advised to install software from official sources, utilize Safe Links and Safe Attachments in Office 365, and enable network protection features in Microsoft Defender for Endpoint. Despite this, Chrome remains the dominant browser among Windows users.

Tech Optimizer

March 9, 2025

Do Macs Really Need Antivirus? The Truth About Mac Security in 2025

Mac users have historically believed their computers are immune to viruses and malware, but this notion may be outdated as cyber threats evolve. The rise in popularity of Macs has attracted cybercriminals, leading to the development of sophisticated malware and ransomware specifically targeting Mac operating systems. Phishing attacks have also become more prevalent, using impersonation tactics to extract sensitive information from users. Built-in security features like Gatekeeper and XProtect provide some protection, but experts now recommend considering third-party antivirus solutions for enhanced security, especially when handling private information, downloading from unverified sources, or using Macs in business environments. While some users worry that antivirus programs may slow down their systems, modern options are designed to be more efficient. Ultimately, the decision to use antivirus software depends on individual digital habits and risk tolerance.

Winsage

March 8, 2025

Lumma Stealer Launch “Click Fix” Style Attack via Fake Google Meet & Windows Update Sites

Recent investigations from Palo Alto have revealed the use of "click fix" campaigns for distributing Lumma Stealer malware, which exploit user interaction by embedding malicious scripts into the copy-paste buffer. Victims are tricked into executing harmful commands through seemingly benign instructions on malicious web pages. Key tactics include: - Domain Impersonation: Registering domains that resemble legitimate services (e.g., windows-update[.]site). - Abuse of Trusted Platforms: Hosting malicious pages on reputable platforms like Google Sites. - PowerShell Script Delivery: Using data binaries that execute as PowerShell scripts. - DLL Side-Loading: Distributing zip archives with decoy files alongside legitimate executables for side-loading Lumma Stealer DLLs. Examples of malicious activity include: 1. Fake Google Meet Page: A fraudulent page instructs users to execute a PowerShell command that downloads a script from tlgrm-redirect[.]icu, leading to the download of Lumma Stealer files from plsverif[.]cfd/1.zip and executing a DLL file (DuiLib_u.dll) through side-loading. 2. Fake Windows Update Site: The site windows-update[.]site prompts users to run a PowerShell command that downloads a file from overcoatpassably[.]shop/Z8UZbPyVpGfdRS/maloy[.]mp4, which functions as a PowerShell script. Malicious traffic patterns include HTTP POST requests to tlgrmverif[.]cyou/log.php and downloads from plsverif[.]cfd and overcoatpassably[.]shop. Active command-and-control (C2) domains for Lumma Stealer are: - web-security3[.]com - techspherxe[.]top Inactive C2 domains include: - hardswarehub[.]today - earthsymphzony[.]today Key files associated with these campaigns are: - A PowerShell script from tlgrm-redirect[.]icu/1.txt (SHA256: 909ed8a135…). - A zip archive from plsverif[.]cfd/1.zip (SHA256: 0608775a345…). - A side-loaded DLL (DuiLib_u.dll, SHA256: b3e8b610ef…). Indicators of compromise include active domains like windows-update[.]site and sites[.]google[.]com/view/get-access-now-test/verify-your-account, and associated domains such as authentication-safeguard[.]com, plsverif[.]cfd, and tlgrmverif[.]cyou.

AppWizard

February 28, 2025

A Minecraft Movie

Alec Baldwin had a heated exchange with comedian Jason Scoop, who made a provocative joke about the shooting incident on the set of "Rust." Scoop mockingly offered Baldwin a "pardon" for "murdering that woman," which led Baldwin to threaten him, stating, "If this camera wasn’t here, I’d break your f**ing neck." Baldwin's legal troubles from the 2021 shooting were initially charged with manslaughter but were dismissed in July 2024.

Winsage

February 13, 2025

February’s Patch Tuesday Fixes Dozens Of Windows Security Flaws And Most Are Critical

Microsoft has released a patch addressing 63 vulnerabilities, following a previous update that fixed 159 flaws. The vulnerabilities are categorized by severity: critical, important, moderate, and low. Three critical vulnerabilities requiring user action are: - CVE-2025-21376: Affects Windows LDAP, allowing remote control of systems using Active Directory. - CVE-2025-21379: Pertains to potential Man-in-the-Middle attacks, enabling attackers to manipulate communications and steal data. - CVE-2025-21381: Can be exploited by tricking users into downloading malicious files, allowing arbitrary code execution. Two zero-day vulnerabilities already under exploitation are: - CVE-2025-21391: Allows attackers to bypass access controls and delete files. - CVE-2025-21418: Enables attackers to gain system privileges for configuration and user management. Other notable vulnerabilities include: - CVE-2025-21194: A hypervisor vulnerability that could compromise the kernel. - CVE-2025-21377: Could expose NTLM hashes, allowing impersonation of users. - CVE-2025-21198: Affects Microsoft's HPC systems, allowing complete control through a malicious web request, with a high CVSS score of 9.0. Users are advised to update Windows to safeguard their systems.

Winsage

November 15, 2024

November delivers a heap of Microsoft patches for admins

Microsoft released updates addressing 89 CVE-listed security vulnerabilities, including two actively exploited flaws: CVE-2024-49039 (Windows Task Scheduler, CVSS 8.8) allowing privilege escalation, and CVE-2024-43451 (NTLM spoofing, CVSS 6.5) enabling account impersonation. Other critical vulnerabilities include CVE-2024-43602 (Azure CycleCloud, CVSS 9.9) allowing remote code execution, CVE-2024-43498 (.NET and Visual Studio, CVSS 9.8) exploitable via malicious requests, and CVE-2024-43639 (Windows Kerberos, CVSS 9.8) leading to remote code execution. CISA added the Windows Task Scheduler and NTLMv2 vulnerabilities to its Known Exploited Vulnerabilities Catalog and reported an increase in zero-day exploitations in 2023 compared to 2022. Citrix, Intel, AMD, and Adobe also released patches for various vulnerabilities.

BetaBeacon

October 2, 2024

The 45 best free Android games for your phone or tablet | Stuff

- Vampire Survivors is a devilishly simple roguelike shoot 'em up game available on mobile for over a year. - Super Cat Tales: PAWS is a platform game where players control a band of cats through various levels. - Swordigo is a 2D adventure-platformer game with monsters to fight and treasures to find. - Dadish 3 is a platform game where players control a radish bouncing through levels to rescue his kids. - Bean Dreams is a platform game that emphasizes learning levels, timing, and exploration. - Sad But Ded is a platform game with a leapy protagonist trying to reach the flag without dying. - It's full of Sparks is a game where players direct a jumping firecracker to water to prevent it from exploding. - Alto's Odyssey is an endless runner game set in a desert with new gameplay elements like bouncing off hot-air balloons. - Saily Seas is a survival game where players try to avoid drowning and being eaten by a whale. - Will Hero is a platforming game with a square hero who bounces forward to defeat enemies. - Super Fowlst 2 is a game where players control a chicken saving the world from a demon invasion using its rear. - Knight Brawl is a hack 'em up game with a sword-wielding protagonist battling enemies in various scenarios. - Beat Street is a scrolling retro game where players fight enemies using only a single digit. - PinOut! is a pinball game with a single massive table challenging players to hit ramps against the clock. - Spaceteam is a multiplayer game where players give orders to prevent their ship from exploding. - Shadowgun Legends is a mobile FPS game where players aim to become a legendary warrior by completing missions. - Time Locker is a vertical shooter game where everything moves only when the player does. - PewPew Live is a twin-stick shooty game reminiscent of classic arcade games like Robotron: 2084. - Shooty Quest is a game where players shoot enemies with arrows using specific weapons for each enemy. - Missile Command: Recharged is a redesigned version of the classic Missile Command game where players defend against nuclear missile attacks. - Please, Touch the Artwork 2 is a puzzle game based on the work of Belgian modern artist James Ensor.

AppWizard

September 26, 2024

Uninstall Now: This Android App Is Secretly Stealing Crypto

A fraudulent Android application posing as "WalletConnect" has stolen over 0,000 from approximately 150 users. The app, which initially appeared as "Mestox Calculator" in March, has undergone several name changes, including "WalletConnect - Crypto Wallet." It was found to have generated fake five-star reviews while also receiving reports of it being a scam. Although removed from the Google Play Store, users are advised to delete it immediately. The app functions as a web browser leading to a calculator site, and if certain criteria are met, users are redirected to a malicious site. This site is suspected of harboring malware. The underlying malware, known as MS Drainer, targets crypto wallets and has previously drained over million through phishing ads. WalletConnect, the legitimate platform, has warned users about fake apps since 2021 and clarifies that it does not have a standalone app.

AppWizard

August 31, 2024

Is Telegram Safe? Secure Messaging App Explained

Telegram is a secure messaging platform that offers end-to-end encryption for video, text, and audio messages. The app employs this encryption by default for voice and video calls and in private chats known as Secret Chats. Despite its security features, Telegram has faced scrutiny for providing user information to authorities in the past. Recently, CEO Pavel Durov was arrested in France on charges related to crimes facilitated through the platform, including drug trafficking and online scams. The arrest has raised concerns about the platform's safety, but it is noted that it will not significantly affect the app's encryption. Prominent figures have expressed support for Durov, arguing that platform owners should not be held responsible for abuses of their services. Users are advised to remain vigilant against scams by being cautious of unsolicited messages, avoiding sharing sensitive information, and maintaining a skeptical mindset.