infection Archives

Winsage

April 5, 2026

How to Reset Registry to Default in Windows 11

Many applications modify the Windows 11 registry without user awareness, potentially leading to issues such as boot problems, application crashes, and settings reverting unexpectedly. Windows 11 does not have a "Reset Registry to Default" button, but there are methods to restore the registry to a functional state. Common indicators of registry issues include: - Applications crashing or failing to open. - Blue Screen of Death errors after registry edits or software installations. - Prolonged boot times. - Settings not saving or reverting unexpectedly. - Error messages about missing DLL files or broken file associations. - USB devices or peripherals not being recognized. To address registry issues, users can try the following methods: 1. System Restore: This method restores system-level changes without erasing personal files, provided a restore point exists. 2. Reset Windows 11: This reinstalls the operating system and resets the registry, with options to keep personal files or remove everything. 3. Import a Registry Backup File: This method restores specific registry keys if a backup exists. 4. Offline Registry Repair via Command Prompt: This is an advanced method for unbootable systems, involving manual replacement of registry hive files. Users are advised to back up the registry before making changes and to avoid using registry cleaners, as they can cause more harm than good. Regularly creating restore points and being cautious with online advice can help prevent registry problems.

Winsage

April 4, 2026

WhatsApp Malware Campaign Uses VBS to Hijack Windows

Microsoft has identified a cyberattack campaign that uses WhatsApp messages to distribute malicious Visual Basic Script (VBS) files targeting Windows systems. First detected in late February 2026, the campaign employs social engineering to trick users into executing the VBS files, which then create hidden directories and disguise themselves as legitimate Windows utilities. The malware downloads additional payloads from cloud platforms like AWS, Tencent Cloud, and Backblaze B2 to establish persistence and escalate privileges. It can bypass User Account Control (UAC), alter registry settings, and install malicious MSI packages, including remote access tools like AnyDesk, to maintain continuous access for attackers.

Winsage

April 2, 2026

Malwarebytes highlights Microsoft findings on WhatsApp attachments used in Windows attacks

A campaign targeting Windows users exploits WhatsApp attachments to execute a malicious .vbs script. Victims receive what appears to be a harmless attachment, which, when opened, duplicates legitimate Windows tools into a hidden folder and renames them to avoid detection. These tools are then used to download additional malware from reputable cloud services, disguising the malicious activity. The malware seeks administrator privileges by altering User Account Control settings and registry entries for persistence. It ultimately installs remote-access software and other payloads to maintain control over the compromised device. Malwarebytes recommends safety measures such as avoiding unsolicited attachments, enabling file extensions, using updated anti-malware tools, downloading software from official sites, being cautious of unexpected UAC prompts, and keeping systems updated.

AppWizard

April 1, 2026

‘NoVoice’ Android malware on Google Play infected 2.3 million devices

A new Android malware called NoVoice has been found in over 50 applications on Google Play, with more than 2.3 million downloads. The malware targets older Android versions, specifically those patched between 2016 and 2021, and attempts to gain root access by exploiting vulnerabilities. It conceals malicious components within the com.facebook.utils package and uses steganography to hide an encrypted payload within a PNG image file. NoVoice avoids infecting devices in certain regions and has checks to detect emulators and VPNs. Once activated, the malware contacts its command-and-control server to gather device information and polls it every 60 seconds for tailored exploits aimed at rooting the device. It can exploit 22 vulnerabilities, including kernel bugs, and establishes persistence by replacing key system libraries and installing recovery scripts. The malware injects code into applications, particularly targeting WhatsApp to extract sensitive data for session replication, which is then exfiltrated to the C2 server. The malicious apps containing NoVoice have been removed from Google Play, but users who installed them should consider their devices compromised. Upgrading to devices with later security patches is recommended to mitigate the threat.

Tech Optimizer

March 30, 2026

Fake Cloudflare CAPTCHA Pages Spread Infiniti Stealer On macOS

Security researchers have identified a new macOS information stealer called Infiniti Stealer, which extracts sensitive information from Mac users using a social engineering tactic known as ClickFix. This method involves a counterfeit Cloudflare human verification page that prompts users to enter a command in their Mac Terminal, allowing the malware to bypass security measures. The infection process consists of three stages: 1. A Bash dropper script downloads and decodes a hidden payload. 2. A Nuitka loader, designed for Apple Silicon Macs, complicates detection by compiling Python code into a native application. 3. The final payload, Infiniti Stealer, harvests personal data such as browser passwords, macOS Keychain entries, cryptocurrency wallets, and captures screenshots. Indicators of Compromise (IOCs) associated with Infiniti Stealer include: - MD5 Dropper: da73e42d1f9746065f061a6e85e28f0c - SHA256 Stage-3: 1e63be724bf651bb17bcf181d11bacfabef6a6360dcdfda945d6389e80f2b958 - C2 Domain: update-check[.]com - C2 URL: https://update-check[.]com/m/7d8df27d95d9 - Panel: Infiniti-stealer[.]com - Packer Magic: 4b 41 59 28 b5 2f fd (KAY + zstd) - Debug Log: /tmp/.bs_debug.log

Tech Optimizer

March 27, 2026

Bogus Avast website fakes virus scan, installs Venom Stealer instead

A deceptive website impersonating Avast antivirus tricks users into downloading Venom Stealer malware, which steals passwords, session cookies, and cryptocurrency wallet information. The site conducts a fake virus scan, falsely reporting threats to encourage users to download a malicious file named Avastsystemcleaner.exe. This file mimics legitimate software and operates stealthily, targeting web browsers to harvest credentials and session cookies. It also captures screenshots and sends stolen data to the command-and-control domain app-metrics-cdn[.]com via unencrypted HTTP. The malware employs evasion techniques to avoid detection and is part of a long-standing cybercrime tactic that exploits user trust in security software. Indicators of compromise include the file hash SHA-256: ecbeaa13921dbad8028d29534c3878503f45a82a09cf27857fa4335bd1c9286d, the domain app-metrics-cdn[.]com, and the network indicator 104.21.14.89.

Tech Optimizer

March 19, 2026

How AI And Hacking Professionalism Are Overwhelming Endpoint Security

The digital landscape is transforming due to the professionalization of cybercrime, which is now a significant part of organized crime, second only to drug trafficking. Malware includes various types such as viruses, browser hijackers, password stealers, Trojans, botnet malware, and ransomware. Traditional antivirus solutions rely on signature-based detection, heuristic analysis, and behavior monitoring, but these methods can lead to false positives and negatives. The evolution of cybersecurity has seen the rise of "Ransomware-as-a-Service" (RaaS) and the use of polymorphic malware that changes its signature, making traditional defenses ineffective. Hackers are also using AI and machine learning to evade behavioral monitoring. New defense strategies include Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), which focus on monitoring for breaches rather than preventing them. Leading vendors in this space include CrowdStrike, SentinelOne, Microsoft, and Palo Alto Networks. The zero trust security framework treats all access attempts as potentially hostile and emphasizes the integration of various security technologies. Emerging startups like FinalAV Security are developing zero trust solutions for consumers and small businesses, focusing on prevention rather than detection.

AppWizard

March 17, 2026

The FBI is investigating malware hidden inside games hosted on Steam

The FBI is investigating a hacker responsible for releasing several video games with embedded malware on the Steam platform. The suspected games include BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova. These games were developed over the past two years and posed risks to gamers who downloaded them. This incident follows a similar event from the previous year when malware-laden games were also uploaded to Steam. Neither Valve nor the FBI has commented on the investigation.

Tech Optimizer

March 16, 2026

What Is a Crypto Miner Virus?

A crypto miner virus, or cryptojacking malware, secretly uses a device’s CPU or GPU to mine cryptocurrency for an attacker, leading to increased electricity costs and potential hardware damage for the victim. It typically infects devices through phishing emails, pirated software, compromised websites, and malicious browser extensions. Monero is the preferred cryptocurrency for mining due to its efficiency on standard CPUs and privacy features. Signs of infection include overheating, high CPU usage, and increased electricity bills. Detection involves monitoring system performance and running antivirus scans. Prevention includes using antivirus software, keeping systems updated, and avoiding pirated software. Notable incidents include attacks on a European water utility and the Los Angeles Times website.

AppWizard

March 3, 2026

New VR Games & Releases March 2026: Quest, PlayStation VR2 & PC VR

- Iron Guard Salvation - March 5 (PS VR2) - Peak Rhythm - March 5 (Meta Quest) - Rager - March 5 (PS VR2) - DrumBeats VR - March 6 (PS VR2) - Bootstrap Island - March 12 (PC VR) - Parkour Labs - March 12 (PS VR2, Quest) - Perikoto - March 13 (PC VR) - SkyLeap - March 15 (PC VR, Quest) - Orbital Overdrive - March 16 (PC VR) - Prison Simulator VR - March 18 (PC VR, Quest) - GunX (Lock and Load) - March 20 (PC VR) - Maid of Sker VR - March 17 (PC VR, PS VR2, Quest) - Virtual Hunter - March 25 (PS VR2, Quest) - VMX - March 26 (PC VR, Quest) - Shop & Stuff - March 27 (PSVR2) - Star Trek: Infection - March 31 (PC VR, Quest)