infections Archives

BetaBeacon

May 5, 2026

ScarCruft hackers push BirdCall Android malware via game platform

APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.

AppWizard

April 30, 2026

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercriminal group known as LofyGang has re-emerged after three years, targeting Minecraft players with malware called LofyStealer, also known as GrabBot. This malware is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to attract young users. The group has been active since late 2021 and previously leaked thousands of Minecraft accounts. The attack begins with the 'Slinky' hack, which deploys LofyStealer (identified as "chromelevator.exe") to harvest sensitive information from web browsers, including cookies, passwords, and credit card information, sending this data to a command-and-control server. ZenoX reports a shift in LofyGang's tactics from JavaScript supply chain attacks to a malware-as-a-service model, offering both free and premium tiers. Cybercriminals are increasingly exploiting trusted platforms like GitHub to distribute malware through bogus repositories and various deceptive tactics, including fake security alerts and counterfeit accounts. This trend highlights a strategy focused on volume targeting rather than precision, prompting cybersecurity experts to prioritize threats from GitHub-hosted downloads that appear legitimate.

AppWizard

April 28, 2026

10,000 Users Exposed As Fake Document Reader App Delivers Anatsa Banking Trojan

Security researchers from ThreatLabz discovered a malicious document reader app on the Google Play Store that delivered the Anatsa Android banking trojan. The app, which had over 10,000 downloads before its removal, disguised itself as a legitimate file management tool using the package name com.groundstation.informationcontrol.filestationbrowsefilesreaddocs. It employed a "dropper" technique to hide its malicious code, connecting to an external server to retrieve the malware payload after installation. Anatsa is designed to steal financial information by overlaying a fake login screen over legitimate banking apps, capturing user credentials and enabling unauthorized transactions. Users are advised to delete the app and monitor their financial accounts. Technical indicators for identifying infections include the Anatsa Installer SHA256 (5c9b09819b196970a867b1d459f9053da38a6a2721f21264324e0a8ffef01e20), Payload URL (http://23.251.108[.]10:8080/privacy.txt), Payload SHA256 Hash (88fd72ac0cdab37c74ce14901c5daf214bd54f64e0e68093526a0076df4e042f), and Command and Control servers (http://172.86.91[.]94/api/ and http://193.24.123[.]18:85/api/).

Tech Optimizer

April 22, 2026

New STX RAT Uses Hidden Remote Desktop and Infostealer Features to Evade Detection

A newly identified remote access trojan, STX RAT, emerged in 2026, integrating hidden remote desktop access with credential theft features. The name "STX" comes from the Start of Text magic byte x02, which it appends to communications with its command-and-control (C2) server. Initial sightings were reported in late February 2026, when it was delivered via a browser-downloaded VBScript file to a financial organization. By early March, Malwarebytes noted a campaign distributing STX RAT through compromised FileZilla installers. Researchers from eSentire’s Threat Response Unit analyzed the malware, which includes extensive anti-analysis measures and employs techniques like AMSI-ghosting. Once operational, STX RAT connects to a C2 server at 95.216.51.236, transmitting system information securely. It targets saved credentials from applications like FileZilla and includes a Hidden Virtual Network Computing (HVNC) module, allowing attackers to control a victim's machine without detection. Security teams are advised to block the C2 IP and implement detection rules to mitigate the threat.

Tech Optimizer

April 17, 2026

Millions of people use this American-made antivirus and you can get $30 off right now

PC Matic is an American cybersecurity company established in 1999, focused on preventing infections before they occur. It aims to disrupt cybercrime by enhancing the protection of everyday devices, thereby reducing the profitability of large-scale attacks. The company has protected over 100 million applications and devices, with more than 3 million customers. PC Matic offers user-friendly and affordable tools for individuals and families. Currently, they have a promotional discount of 30% off the first purchase with the code GOLOOT30, applicable to orders over .99, valid until January 1, 2027.

AppWizard

April 9, 2026

Wait, how many ‘horror Stardew’ farm sims are in development right now?

Several horror-themed farming simulation games were unveiled during the recent Triple-I Initiative showcase. 1. Grave Seasons: Set to release on August 14, 2026, this game involves players navigating rural life while investigating mysterious murders after escaping from prison. It includes romantic elements with the town's residents. 2. Neverway: Scheduled for release in October 2026, this 8-bit inspired game combines farming, crafting, romance, and fast-paced combat. A free prologue is available. 3. Graveyard Keeper 2: Set for release in 2026, this sequel involves managing a cemetery and introduces tower defense elements with an army of the undead. 4. Crop: Release date yet to be announced, this game features players abducted into farming under captors while uncovering secrets of a cult-like organization. Grave Seasons and Neverway include romantic elements, while Grave Seasons and Crop delve deeper into horror themes.

Tech Optimizer

March 31, 2026

Best Antivirus Software That Won’t Slow Down Your Computer

Laptops are essential tools that carry sensitive data, making security crucial. Public networks and unsecured Wi-Fi can expose this data to threats. Antivirus software protects laptops by detecting threats, blocking malware, and removing infections. The best antivirus solutions operate quietly in the background without affecting system performance. Top antivirus software includes: - Bitdefender: Strong malware detection, real-time scanning, minimal system impact; some features are exclusive to higher subscriptions. - Surfshark One: Combines antivirus protection with a VPN; lacks some advanced features. - Norton: Comprehensive suite with various security tools; higher renewal fees after the first year. - Avast: Lightweight protection with extra tools; limited features in the free version. Key features to look for in antivirus software include strong malware detection, real-time monitoring, phishing filters, and compatibility across devices. Performance varies, with some tools consuming more resources than others. Users should be cautious of renewal terms and additional features that may not be necessary. Common mistakes after installing antivirus include assuming complete protection, neglecting subscription monitoring, and risky online behaviors. When switching antivirus software, users should properly remove the old software and manage subscriptions to avoid unnecessary costs. Regular updates are essential for effective protection, and free antivirus tools may lack advanced features. Antivirus effectiveness can vary by device, and some products may slow down older devices. Monitoring update status and active features is crucial for verifying antivirus functionality.

Tech Optimizer

March 31, 2026

Hurry! Norton is knocking up to 60% off its antivirus app

Norton is currently offering its 360 Deluxe package for five devices at a discounted rate of .99 per year, down from its standard price of 4.99 annually, representing a 60% discount. Norton 360 Deluxe includes features such as file backup, a rescue disk for system recovery, and scam protection against phishing attempts. It offers various scanning options: a quick antivirus scan, a full scan, and a deep scan conducted during startup. The software also provides ransomware protection that automatically backs up critical files, including those stored in UEFI.

Tech Optimizer

March 28, 2026

Trend Micro Maximum Security Review 2026: Is It The Best Protection?

Trend Micro offers five distinct subscription versions for online security, including a 12-month subscription to its Maximum Security Suite Pro Plus, which provides multi-device antivirus, anti-scam software, a VPN, and identity theft protection. The pricing starts at AUD for a basic subscription for one device, with additional costs for more devices and features. The tested plan costs 99.95 AUD per year for six devices. Key features include AI-scam detection, a Gamer Mode that pauses notifications during gameplay, and a minimalist user interface. Installation requires separate logins for each program, and the suite supports MacOS, Android, and iOS, though with limited features on Mac. The built-in VPN is developed in-house, and phishing protection is provided via a browser extension. Folder Shield protects against ransomware by securing specific folders. Independent lab tests show mixed results for Trend Micro's performance, particularly in real-time web-threat protection and ransomware defense, with some weaknesses in offline malware detection.

Tech Optimizer

March 27, 2026

Bogus Avast website fakes virus scan, installs Venom Stealer instead

A deceptive website impersonating Avast antivirus tricks users into downloading Venom Stealer malware, which steals passwords, session cookies, and cryptocurrency wallet information. The site conducts a fake virus scan, falsely reporting threats to encourage users to download a malicious file named Avastsystemcleaner.exe. This file mimics legitimate software and operates stealthily, targeting web browsers to harvest credentials and session cookies. It also captures screenshots and sends stolen data to the command-and-control domain app-metrics-cdn[.]com via unencrypted HTTP. The malware employs evasion techniques to avoid detection and is part of a long-standing cybercrime tactic that exploits user trust in security software. Indicators of compromise include the file hash SHA-256: ecbeaa13921dbad8028d29534c3878503f45a82a09cf27857fa4335bd1c9286d, the domain app-metrics-cdn[.]com, and the network indicator 104.21.14.89.