indicators

Winsage
March 2, 2026
Cybersecurity experts at Microsoft Threat Intelligence have identified a trend where attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. These trojanized executables, such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader, installing a portable Java runtime environment and launching a harmful Java archive, jd-gui.jar. Attackers use built-in Windows tools to execute commands via PowerShell and exploit trusted system binaries, minimizing detection risk. The embedded PowerShell script connects to remote locations, downloads an executable as update.exe, and executes it. The malware erases evidence of the downloader and modifies Microsoft Defender settings to allow RAT components to function undetected. It establishes persistence through scheduled tasks and a startup script named world.vbs, enabling prolonged access to the compromised device. Microsoft Defender can detect the malware and its behaviors, and organizations are advised to monitor outbound traffic and block identified domains and IP addresses. Users are encouraged to scrutinize Microsoft Defender exclusions and scheduled tasks for irregularities and remain cautious about downloading tools from unofficial sources.
Winsage
March 1, 2026
Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.
Winsage
March 1, 2026
Windows 11 users will receive colored battery icons and percentage indicators with the KB5077241 update. This feature, initially previewed in late 2024 and expected to launch in November 2025, is now being rolled out more broadly after delays. The February 2026 update will activate these features for a wider audience. Users can access the update via Windows Update and enable the "Battery percentage" option in the Settings menu. This addition aligns Windows 11 with other operating systems like Android and macOS, enhancing the user experience by providing clearer battery information.
Winsage
February 27, 2026
Windows 10 was released in 2015 and faced criticism for its telemetry feature, which some viewed as a surveillance tool. In 2017, the Dutch Data Protection Authority found Microsoft's telemetry settings non-compliant with local privacy laws, leading to changes by Microsoft. Telemetry, termed diagnostic data by Microsoft, is essential for device reliability and security, with a baseline level of data collection set to "Required." Users can opt to limit data collection to this level. The Optional category of diagnostic data may include device settings and browsing history, raising privacy concerns. Microsoft introduced the Diagnostic Data Viewer in 2018 to enhance transparency, allowing users to inspect the telemetry data their devices send to Microsoft. As of now, Microsoft has over a billion monthly active Windows 11 users.
Winsage
February 23, 2026
The author explored used and refurbished laptops for a testing lab, focusing on budget-friendly options, particularly those running Windows 10. Microsoft has ceased support for Windows 10, leaving its users more exposed to security risks than those using Windows 11. Many Windows 10 devices may not support an upgrade to Windows 11, making them less desirable despite their lower prices. Users are advised to consider the importance of security and check compatibility with Windows 11 before purchasing. Devices manufactured in the last five years are more likely to support the upgrade. Indicators that a computer may not support Windows 11 include being manufactured before 2019, having an older processor, running a version of Windows earlier than 10, or lacking support for Secure Boot, TPM, or UEFI. If a computer is kept offline, the operating system's importance is reduced, but this scenario is rare. The author recommends against purchasing Windows 10 devices, as refurbished Windows 11 models are only slightly more expensive and offer better security.
Winsage
February 22, 2026
Microsoft is preparing for the release of Windows 12, which is expected to feature an AI-native experience with deep integration of Copilot, showcasing capabilities like on-screen comprehension, voice activation, and task automation. The hardware requirements will be elevated, necessitating 16GB of RAM, rapid NVMe storage, and a Neural Processing Unit (NPU) for advanced features. Windows on Arm is gaining momentum, with improvements in app compatibility and battery life, while a modular architecture called CorePC is being developed to facilitate faster updates and enhance security. Licensing for Windows 12 is expected to remain unchanged for consumers, with optional cloud-enhanced services available. The update cadence will increase, allowing for faster feature drops independent of major OS releases, with the Windows Insider Program continuing to test new features. Upon its release, Windows 12 will integrate Copilot, provide a more cohesive OS core, and support both x86 and Arm architectures.
Winsage
February 19, 2026
Microsoft has introduced a feature called “Ask Copilot,” integrated into the taskbar of Windows 11, which replaces the traditional Windows Search. This feature aims to enhance user productivity by providing quick access to information from files, emails, and meetings. It allows users to locate files and settings using simple prompts and leverages an improved search index for faster and more relevant results. The AI capabilities enable users to ask questions like “When is my performance review due?” and receive answers from Microsoft Teams and Outlook. Additionally, users can summon various AI agents directly from the taskbar by typing the “@” symbol, including the Microsoft 365 Researcher for in-depth research. Microsoft is also adding “Ask Microsoft 365 Copilot” within File Explorer to provide insights for shared files. These features are expected to roll out to users in the coming weeks.