infection Archives

Tech Optimizer

May 6, 2025

YouTubers battle to see who can download the most computer viruses in an hour and the results are insane

A group of YouTubers, led by Tranium, conducted an experiment to download as many computer viruses as possible within an hour to raise cybersecurity awareness. Tranium collected approximately 530 viruses, while Crypto NWO detected 732 across 199,508 files. The experiment highlighted the dangers of downloading free software and the risks associated with 'free' antivirus programs, illustrating the ongoing threats in the digital landscape.

Winsage

May 4, 2025

Do Not Open This PDF On A Microsoft Windows PC

Microsoft has warned about the increasing use of PDF attachments in cyberattacks, particularly during the U.S. tax season. Attackers have been using PDFs with embedded links that redirect users to counterfeit pages, such as a fake DocuSign site. TrustWave SpiderLabs has identified a new campaign involving a fake payment SWIFT copy that leads to a malicious PDF containing obfuscated JavaScript, which downloads a script that conceals the RemcosRAT payload using steganography. This technique involves hiding links within images, making them difficult to detect. The latest attacks begin with phishing emails containing malicious PDFs that direct victims to harmful webpages, facilitating the delivery of RemcosRAT, a trojan that allows remote control of compromised systems. Users are advised to be cautious of emails labeled “SWIFT Copy” and to delete suspicious emails immediately.

Tech Optimizer

April 18, 2025

Breached Identities and Infostealers: One of the Largest Ongoing Data Leak in History

Breached identities due to infostealer malware are a significant threat to corporate information security in 2024. Infostealers are a type of remote access trojan that exfiltrate sensitive data, including saved credentials, session cookies, browser history, crypto wallet information, screen captures, and host data. Infections often stem from downloading cracked software, malicious advertising, fake Windows updates, and repackaged games. Infostealers do not require local administrative privileges, making them easy to execute. Threat actors primarily aim to profit from breached bank accounts and crypto wallets, often bypassing multi-factor authentication by targeting session cookies. They also seek credentials for subscription services and corporate access. Research shows that 90% of breached companies had leaked corporate credentials in a stealer log, with 78% experiencing leaks within six months of a breach. In comparison, 76% of similar companies without breaches had experienced a corporate stealer log compromise. The investigation identified high-criticality credentials from various corporate applications, indicating that a single user often has access to multiple credentials. The rise of infostealer malware represents a broad threat, encompassing a wide range of sensitive data. Organizations are advised to implement strategies such as restricting download privileges, avoiding illegal content, disabling macros, and regularly updating software to mitigate risks associated with infostealer malware.

Tech Optimizer

April 15, 2025

Steps to Scan Your Computer for Free and Check for Viruses and Malware

Windows Security, previously known as Windows Defender, is a built-in security tool in Windows 10 and 11 that provides comprehensive protection against viruses and malware without requiring additional software. Users can perform manual scans, including Quick, Full, and Custom scans, to identify and eliminate threats. To run a scan, users must open Windows Security, navigate to "Virus & threat protection," and select the desired scan option. Windows Security also includes features such as real-time protection, firewall and network protection, app and browser control, device security, and account protection. It is essential to keep Windows Security updated with the latest virus definitions for optimal protection. Users can also schedule automatic scans for regular checks.

Tech Optimizer

April 13, 2025

Panda Dome review

Panda Security, a Spanish antivirus company, has introduced various cybersecurity innovations since its founding, including daily signature updates in 1998, behavioral monitoring in 2004, and cloud scanning in 2007. It offers several plans for home users: Panda Dome Essential, Advanced, Complete, and Premium, each with increasing features such as firewall protection, WiFi security, online shopping safeguards, and a Dark Web Scanner. All plans include a 30-day free trial. Panda Dome received an AAA award from SE Labs for a Total Accuracy Rating of 99% without false positives between October and December 2024, outperforming Microsoft Defender and Webroot but not achieving the perfect scores of Avast, Kaspersky, and McAfee. The AV-Test Product Review awarded Panda a score of 6/6 for protection and usability, and 5.5/6 for performance. However, Panda Free Antivirus had a higher number of false alarms in AV-Comparatives’ False Alarm Test. The Panda Dome Advanced plan, priced at .99 for the first year, includes parental controls and enhanced ransomware protection. It offers multiple scanning options and reasonable scan times. Its anti-ransomware features include behavior-based detection, file access control, and backup capabilities. Panda Dome Complete, priced at .99 for the first year, adds system cleanup tools and a password manager, allowing users to optimize system performance and securely manage passwords. It also includes file encryption and shredding features. Panda Dome Premium, priced at .99 for the first year, provides unrestricted VPN access, an update manager, and unlimited premium technical support. It allows secure browsing across over 60 countries for up to five devices and includes features to keep systems updated and secure.

Winsage

April 10, 2025

Windows 11 update reportedly creates a mysterious folder on your system drive, which is certainly confusing

A new folder named ‘inetpub’ has appeared on Windows 11 24H2 system drives following the April update, linked to Microsoft’s web server software for developers. The folder is empty, harmless, and can be deleted without adverse effects. Many users have reported removing it safely, while others may choose to keep it if it doesn't cause inconvenience. The folder's creation may be related to adjustments made to IIS components and has caused confusion among users, with reports of its appearance across various devices. There is a possibility that the folder could reappear even after deletion, indicating a need for a permanent fix from Microsoft.

Tech Optimizer

April 7, 2025

Sakura RAT Released on GitHub Can Bypass Antivirus and EDR Tools

Sakura RAT is a newly developed remote administration tool available on GitHub, designed for use by malware analysts and security researchers. It features capabilities such as hidden browsing, hidden virtual network computing (HVNC), fileless execution, multi-session control, and anti-detection mechanisms to evade antivirus and endpoint detection systems. While marketed for research purposes, its open availability raises concerns about potential misuse by cybercriminals for activities like data exfiltration and ransomware deployment. Cybersecurity experts are advocating for the removal of the repository from GitHub and calling for improved detection systems to combat the risks posed by such advanced tools.

Tech Optimizer

April 3, 2025

1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack

A cryptojacking campaign has targeted over 1,500 organizations by exploiting inadequately secured PostgreSQL database servers. The attackers, identified as JINX-0126, use advanced techniques including credential brute-forcing and fileless execution to deploy Monero (XMR)-mining malware. Approximately 30% of cloud-hosted PostgreSQL servers are affected due to weak or default credentials. The attackers execute commands using PostgreSQL’s COPY FROM PROGRAM function, bypassing standard detection mechanisms. They have been linked to three cryptocurrency wallets with around 550 active mining workers, generating a hashrate of 4.04 GH/s and approximately €10.40 per hour in XMR revenue. The attack begins with credential spraying against default accounts, followed by an SQL injection to fetch the payload. The malware operates in memory, modifies PostgreSQL’s configuration to maintain persistence, and creates cron jobs for reactivation. The campaign reveals significant security gaps in cloud environments, with recommendations for improved access controls and monitoring.

AppWizard

April 1, 2025

The Last of Us Part II Remastered Coming to PC On April 3, 2025

“The Last of Us Part II Remastered” will be released on PC on April 3, 2025, available on Steam and the Epic Games Store. This marks the first time Windows users can access the game, which previously received over 300 Game of the Year awards on PlayStation. The remastered edition includes enhancements such as improved graphics, performance, and new content, including a roguelike mode called “No Return.” Pre-orders are currently available. The PC version will support customizable graphics settings, ultrawide monitor support, and full DualSense controller features. New playable characters Bill and Marlene will be introduced in the “No Return” mode, alongside a Guitar Free Play mode and restored cut content. The game will require a minimum of an Intel Core i3-8100 or AMD Ryzen 3 1300x processor and 16GB RAM.

Tech Optimizer

March 31, 2025

Watch Out for This Info-Stealing Malware on Windows

A new malware strain called CoffeeLoader has been identified, posing a significant risk to gamers by masquerading as a legitimate ASUS utility, specifically the Armoury Crate software. Once it infiltrates a system, it deploys the Rhadamanthys infostealer, which can extract sensitive information such as credentials from web browsers, email clients, cryptocurrency wallets, and password managers. CoffeeLoader evades detection by most security tools by operating on the GPU instead of the CPU and using advanced techniques like call stack spoofing, sleep obfuscation, and exploiting Windows fibers. To protect against CoffeeLoader, users should exercise caution when downloading software, navigate directly to official websites, avoid suspicious links, and adhere to basic cybersecurity practices. If infection is suspected, users should disconnect from the internet, reboot in safe mode, delete temporary files, and check Task Manager for unusual activity. Employing a reliable malware scanner can help identify and eliminate infections.