investigation

Winsage
June 16, 2025
The latest beta builds of Windows 11 have a glitch that swaps the startup sound with that of Windows Vista. This issue was reported by tester XenoPanther, who found that the .WAV file for the startup sound had been replaced. Brandon LeBlanc from the Windows Insider Program confirmed the bug, humorously suggesting it was a response to user nostalgia for Vista, but clarified it was not intentional. The cause of the sound swap is unclear, with speculation about it being a playful act by an employee. Microsoft is working to fix the glitch.
Winsage
June 15, 2025
Microsoft employed unconventional testing methods for Windows 95, emphasizing compatibility by acquiring a wide range of applications for testing. A manager purchased one copy of every PC program available at a local store, resulting in a large stack of software for the team to test. Engineers were tasked with testing selected programs, logging issues, and could keep the software after the official release. This approach contrasted with modern testing practices. An unforeseen issue arose when the store's cash register crashed due to the total exceeding ,000, highlighting a limitation in the retail system rather than the operating system. The solution involved breaking the total into smaller transactions to proceed with testing.
AppWizard
June 13, 2025
Google has announced plans to phase out the Instant Apps feature by December 2025 due to low usage and engagement levels. Instant Apps, launched in 2017, allowed users to access lightweight app versions without installation but struggled to gain widespread adoption. A warning message in Android Studio confirmed the discontinuation, stating that Instant Apps support will be removed, and all related APIs will no longer function. Google aims to invest in more effective tools for app discovery, as developers are increasingly using alternatives that align better with user behavior.
Tech Optimizer
June 9, 2025
A cybersecurity incident involving Procolored printers revealed vulnerabilities in everyday hardware, as users may have downloaded malware capable of stealing cryptocurrencies like Bitcoin. Tech content creator Cameron Coward reported an antivirus alert linked to Procolored printer software, prompting an investigation by G Data researchers who found malicious code in installation files on the manufacturer's website. The identified threats included a remote access tool (Win32.Backdoor.XRedRAT.A) and a cryptocurrency wallet stealer (MSIL.Trojan-Stealer.CoinStealer.H). Compromised files were last updated in October 2024 and distributed through official channels. The company initially denied the issue but later removed the downloads from their website in May 2025 and acknowledged the malware might have been introduced via USB transfers. An analysis of an attacker’s wallet showed a total of 9.3 BTC accumulated across 330 transactions before it was emptied. Cybersecurity experts recommend that users conduct antivirus scans and consider reformatting drives and reinstalling operating systems if infections are suspected.
AppWizard
June 8, 2025
The Google Play Store has been infiltrated by deceptive applications that are part of a phishing campaign, as revealed by an investigation by Cyble. These applications mimic legitimate digital wallets, including names like SushiSwap, PancakeSwap, Hyperliquid, and Raydium, and have utilized over 50 domains to evade detection. The primary threat involves the extraction of users' mnemonic phrases, which are critical for accessing cryptocurrency and tokens. Users are advised to uninstall nine specific apps identified by Cyble: Pancake Swap, Suite Wallet, Hyperliquid, Raydium, BullX Crypto, OpenOcean Exchange, Meteora Exchange, SushiSwap, and Harvest Finance Blog, to protect their digital assets. Although many of these malicious apps have been removed from the Play Store, the risk persists for those who still have them installed.
Tech Optimizer
June 5, 2025
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI and the Australian Cyber Security Centre, released an advisory on the Play ransomware group, which has targeted around 900 entities since its inception in June 2022. The group employs a double extortion model, exploiting vulnerabilities in public-facing applications and using tools for lateral movement and credential dumping. Their operations involve recompiling ransomware binaries for each attack to evade detection. The advisory highlights mitigation measures such as multifactor authentication and regular software patching. The Play ransomware specifically targets virtual environments and encrypts files using AES-256 encryption. Indicators of Compromise (IoCs) include:
- SVCHost.dll (Backdoor) - SHA-256: 47B7B2DD88959CD7224A5542AE8D5BCE928BFC986BF0D0321532A7515C244A1E
- Backdoor - SHA-256: 75B525B220169F07AECFB3B1991702FBD9A1E170CAF0040D1FCB07C3E819F54A
- PSexesvc.exe (Custom Play “psexesvc”) - SHA-256: 1409E010675BF4A40DB0A845B60DB3AAE5B302834E80ADEEC884AEBC55ECCBF7
- HRsword.exe (Disables endpoint protection) - SHA-256: 0E408AED1ACF902A9F97ABF71CF0DD354024109C5D52A79054C421BE35D93549
- Hi.exe (Associated with ransomware) - SHA-256: 6DE8DD5757F9A3AC5E2AC28E8A77682D7A29BE25C106F785A061DCF582A20DC6
AppWizard
June 4, 2025
Experts at Radboud University and IMDEA Networks found that Meta and Yandex have been covertly tracking Android users by monitoring browser activity without consent. This tracking was first identified in January and involves apps like Facebook, Instagram, and Yandex Maps operating in the background and loading scripts that transmit data back to their respective apps. These scripts bypass Android's security measures, allowing the companies to track users' web browsing activities. The tracking affects all major Android browsers, including in incognito mode. Google confirmed that Meta and Yandex exploited Android's capabilities in violation of security and privacy principles. Meta is investigating the issue and has paused the feature, while Yandex claims to adhere to data protection standards. Meta's tracking has been ongoing for about eight months, while Yandex's practices date back to 2017. Facebook tracked users on around 16,000 websites in the EU, and Yandex was active on 1,300 sites. Google has begun implementing changes to address these tracking techniques and is conducting its own investigation. Browsers like Firefox, Microsoft Edge, and DuckDuckGo are also affected, with efforts underway to prevent future incidents.
AppWizard
June 3, 2025
Nvidia users with RTX 40-series and 50-series GPUs may experience crashes when launching the Hell is Us demo, prompting Rogue Factor to recommend lowering graphics settings and disabling upscaling and frame generation options before starting the game. The developer is working on a patch ahead of the game's official release on September 4. Previous titles have also faced similar issues, with suggestions for Nvidia users to roll back driver installations due to ongoing driver stability challenges. The crashing issue is tentatively linked to Nvidia's DLSS technology, which has been implicated in crashes across various games. The system requirements for Hell is Us indicate that an RTX 4090 is necessary for 4K gameplay at 30 fps, while an RTX 2080 Ti is recommended for 60 fps at 1080p.
AppWizard
June 3, 2025
Meta and Yandex have exploited a loophole in the Android operating system, allowing them to link web browsing data with app identities, bypassing privacy measures like incognito mode. This was revealed by researchers from the Local Mess project, who found that tracking scripts (Meta Pixel and Yandex Metrica) embedded in millions of websites transmit data from web browsers to apps such as Facebook, Instagram, and Yandex Maps through local network connections. Meta began using this technique in late 2024, while Yandex has been doing so since 2017. The loophole allows browser data to be sent to localhost, enabling apps to access it without user notification. In response, Meta has paused the feature and is working with Google to address the issue, which Google acknowledges violates Play Store policies. Some browsers are blocking this tracking, but researchers warn that solutions may be temporary without stricter restrictions on app access to local ports. The study indicates that most sites using these trackers start data collection immediately upon visiting, often before consent is requested. To prevent this tracking, users are advised to uninstall the affected applications.