impersonation Archives

Winsage

June 13, 2026

Windows Server 2025 Adds DNS Over HTTPS for Secure DNS Traffic

Microsoft has rolled out support for DNS over HTTPS (DoH) in Windows DNS Server as part of the Windows Server 2025 update. This feature enhances the security of DNS communications through encryption and server authentication, allowing encrypted client-to-resolver traffic in on-premises DNS environments. DoH encrypts DNS queries and responses using HTTPS, protecting sensitive information from interception or alteration. It also uses digital certificates for DNS server authentication to reduce spoofing and impersonation risks. The feature is compatible with existing Windows DNS Server configurations and supports both encrypted and traditional DNS. DoH support is available on Windows Server 2025 with the June 9, 2026 update or newer. Administrators must configure a trusted TLS certificate and enable DoH in the DNS Server service to deploy this feature. Microsoft plans to extend encryption capabilities to include communication between the Windows DNS Server and upstream DNS resolvers in the future.

AppWizard

June 3, 2026

How Android helps keep you safe from impersonation scams with fake call detection

Android is introducing a fake call detection feature that identifies and flags suspected spoofed calls when both the user and the contact are using Phone by Google. This technology aims to protect users from impersonation scams, particularly those using AI voice cloning, and builds on previous measures like alerts for verified financial calls.

AppWizard

June 2, 2026

Google’s Phone app will tell you if a scammer is impersonating one of your contacts

Google's Phone app is introducing a feature to alert users about potential AI impersonation scams by flagging calls that appear to be from their contacts as suspicious. This update is part of the broader June Android update, which includes other enhancements such as support for Apple AirDrop, accessibility of the Personal Safety app for children under 13, AI-powered clothing try-on features in Photos, and improved search functionality for outfits. The Phone app will notify users with a message indicating that "Someone may be pretending to call from your contact’s number," allowing them to hang up if the call is deemed suspicious. This feature will be automatically enabled for users on Android 12 and later, starting with Pixel devices, and relies on a system where both the user and their contact must use the Phone by Google app to verify call authenticity through a "silent confirmation signal." The feature utilizes end-to-end encrypted rich communication services (RCS) technology.

AppWizard

June 2, 2026

Google Phone app rolling out Android fake call detection that uses RCS

Phone by Google is introducing a fake call detection feature to protect Android users from impersonation scams that use AI-powered deepfake technology. This feature requires both parties to use Android devices with the Phone by Google app, Google Messages, and Google Contacts. It works by sending a silent confirmation signal to verify the legitimacy of a call. If an impersonation attempt is detected, the user's phone will check with the actual contact's device, and if the real device indicates that it is not making a call, a warning will appear on the user's screen. The feature will roll out globally for Android 12+ devices, starting with Pixel phones, and will be enabled by default. The underlying RCS technology may also be adopted by other apps and manufacturers.

AppWizard

May 28, 2026

Fake ‘Cockroach Janta Party’ Android app flagged as critical malware threat, report warns

A cybersecurity report released on May 22, 2026, identifies a counterfeit Android application posing as the official app of the Cockroach Janta Party as a significant malware threat. The malicious app, known as Cockroach.Janta.Party, functions as a Remote Access Trojan (RAT) and can infiltrate Android devices, steal sensitive information, intercept communications, and control infected smartphones. The genuine Cockroach Janta Party has no affiliation with this app and is a victim of brand impersonation. The app is distributed through WhatsApp, Telegram, and misleading websites, particularly a rogue domain, cockroachjantaparty[.]org. It targets Android devices running versions 8.0 to 14 and requests elevated permissions, including access to camera, SMS, call logs, and contacts, while misusing the Android Accessibility Service to read on-screen content and grant itself additional permissions. The app contains multiple malicious modules for data exfiltration and uses a Command and Control infrastructure based on the Telegram Bot API. Users are advised to uninstall the app, disable Accessibility permissions, reset banking credentials, enable two-factor authentication, and conduct a full mobile security scan. The legitimate Cockroach Janta Party is encouraged to issue a formal clarification regarding the impersonation.

Tech Optimizer

May 27, 2026

NordVPN’s New App Acts as an All-in-One Digital Privacy and Security Hub

A virtual private network (VPN) does not protect against fraudulent banking links or harmful files. NordVPN has enhanced its VPN application by integrating antivirus features, evolving into a comprehensive digital privacy and security service. The revamped app is based on three pillars: Connect, Protect, and Monitor, offering tools such as VPN services, scam and phishing protection, and Dark Web Monitor. NordVPN's approach aims to intercept threats early, focusing on deception tactics used in modern scams. The company's next-generation antivirus system uses a dual-layer detection strategy, evaluating URLs in real-time and scanning files for malware. In April, NordVPN blocked 4.8 million threat events, including malware and phishing attempts. The company emphasizes minimal data collection for threat decisions and offers three subscription tiers: Basic, Complete, and Prime, each with a 30-day money-back guarantee. Users are reminded that no app can fully protect against cybersecurity threats, and best practices like strong passwords and multifactor authentication are essential.

AppWizard

May 20, 2026

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

Cybersecurity researchers have identified an ad fraud and malvertising operation called Trapdoor, targeting Android users with 455 malicious applications and 183 command-and-control domains. Users often download these disguised apps, which initiate malvertising campaigns and lead to further downloads of malicious applications. At its peak, Trapdoor generated 659 million bid requests daily, with over 24 million downloads of the associated apps, primarily from the United States. The operation exploits install attribution tools to activate malicious activities only for users acquired through fraudulent ad campaigns, while suppressing such behavior for organic downloads. Trapdoor employs advanced evasion techniques, including obfuscation and impersonation of legitimate software, to avoid detection. Google has removed the identified malicious apps from the Play Store in response to the threat.

AppWizard

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

Cybersecurity researchers have identified a fraud operation named FEMITBOT that exploits Telegram’s Mini App feature to conduct various crypto scams, impersonate reputable brands, and distribute Android malware. This operation uses a unique string in API responses and employs Telegram bots with embedded Mini Apps to create convincing app-like experiences. The scams include fraudulent cryptocurrency platforms and financial services, with impersonation of brands like Apple, Coca-Cola, Disney, eBay, IBM, Moon Pay, NVIDIA, and YouKu. The operation utilizes a shared backend infrastructure, allowing multiple phishing domains to use the same API response. Users interacting with the bots are shown phishing pages within Telegram’s WebView, often featuring fake balances and urgency tactics to prompt deposits or referrals. Additionally, some Mini Apps attempt to distribute malware disguised as legitimate Android APKs. Users are advised to be cautious when engaging with Telegram bots related to cryptocurrency investments and to avoid sideloading APK files.

AppWizard

May 1, 2026

007 First Light perfectly balances cinematic Bond action with Hitman’s signature sandbox freedom

The game "007 First Light" features a balance between open-world exploration and linear action, successfully merging Bond-style storytelling with gameplay mechanics. Players experience three distinct levels, including a narrative introduction, an MI6 training arena, and a museum setting that encourages strategic gameplay. The museum level allows for various approaches to objectives, such as stealth and impersonation. Combat mechanics differ from the Hitman series, with Bond engaging in stylish confrontations rather than relying solely on stealth. Players can utilize gadgets, including a laser watch, which require resource management. The game boasts impressive visuals and character portrayal, with a focus on realism and immersion. The developers aim to appeal to a broad audience of Bond fans, ensuring an engaging experience.

Winsage

April 28, 2026

‘Unlimited Attack Vectors’—All Windows Versions At Risk From New Flaw

Microsoft is facing a significant security vulnerability in its Windows operating system known as PhantomRPC, which allows for privilege escalation. Cybersecurity experts have expressed concern over the company's delayed response in issuing a patch for this flaw. The vulnerability resides within the Windows Remote Procedure Call (RPC) architecture and enables processes with impersonation privileges to elevate their permissions to SYSTEM level. Researcher Haidar Kabibo identified five distinct paths for exploitation, which require user interaction, coercion, or compromise of background services. Despite disclosing the vulnerability to Microsoft in September 2025, the company categorized it as moderately severe and did not issue a patch or a Common Vulnerabilities and Exposures (CVE) listing. Microsoft stated that the technique requires an already-compromised machine and emphasized the importance of following security best practices. Experts have criticized Microsoft's lack of action, arguing that it is operationally negligent and places the burden of risk management on users. In the absence of a patch, security professionals recommend focusing on access control and environmental hygiene to mitigate the risks associated with the vulnerability.