IP address Archives

AppWizard

April 14, 2026

Mirax RAT Targets Android Devices Through Meta Apps

Mirax is a remote access Trojan (RAT) targeting Android devices in Spanish-speaking countries, identified by Outpost24's KrakenLabs in early March. It propagates fraudulent advertisements on Meta-owned applications, allowing cybercriminals to gain initial access. Mirax can interact with compromised devices in real time, converting them into residential proxy nodes through ads on platforms like Facebook and Instagram. It uses SOCKS5 protocol and Yamux multiplexing to establish proxy channels and uncover victims' IP addresses. The malware captures keystrokes, steals sensitive data, executes commands, and monitors user activity. It employs overlay pages to steal credentials and orchestrates distribution through Meta ads and GitHub for malicious APK files. Users are tricked into enabling installations from "unknown sources," and the malware disguises itself behind video playback features. Additionally, a threat actor has been offering Mirax as a malware-as-a-service (MaaS) on illicit forums, with subscription prices starting at ,500 for three months. This service is described as highly controlled and exclusive, primarily targeting Russian-speaking actors in underground communities.

Tech Optimizer

April 13, 2026

Fake Claude site installs malware that gives attackers access to your computer

Claude, an AI tool developed by Anthropic, receives nearly 290 million web visits monthly and has become a target for cybercriminals. A fake website has been found that impersonates Claude, distributing a trojanized installer named Claude-Pro-windows-x64.zip. This installer, while appearing legitimate, deploys PlugX malware, granting attackers remote access to users' systems. The fraudulent site mimics the official download page and uses passive DNS records linked to commercial bulk-email platforms, indicating active maintenance by the operators. The ZIP file contains an MSI installer that incorrectly spells "Claude" as "Cluade" and creates a desktop shortcut that launches a VBScript dropper. This script runs the legitimate claude.exe while executing malicious activities in the background, including copying files to the Windows Startup folder to ensure persistence after reboot. The attack utilizes a DLL sideloading technique recognized by MITRE as T1574.002, where a legitimate G DATA antivirus updater is exploited with a malicious DLL. Within 22 seconds of execution, the malware establishes a connection to an IP address associated with Alibaba Cloud, indicating control over the compromised system. The dropper script also employs anti-forensic measures to delete itself and the VBScript after deployment. Indicators of compromise include the filenames Claude-Pro-windows-x64.zip, NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat, along with the network indicator 8.217.190.58:443 (TCP) as the command and control destination. Users are advised to download Claude only from the official site and to remain vigilant against potential compromises.

Winsage

April 9, 2026

This fake Windows support website delivers password-stealing malware

A phishing campaign has been identified that uses a counterfeit Microsoft support website, microsoft-update[.]support, to trick users into downloading a malicious Windows update disguised as WindowsUpdate 1.0.0.msi. This file, created on April 4, 2026, appears legitimate but contains malware designed to steal sensitive information. The campaign targets French-speaking users, leveraging recent data breaches in France to create convincing scams. The malware, once executed, installs an Electron application that runs a Python interpreter, which then deploys various data theft tools. It employs two persistence mechanisms: modifying the Windows registry and creating a shortcut in the Startup folder. The malware connects to external sites for reconnaissance and data exfiltration, using domains like datawebsync-lvmv.onrender[.]com and store8.gofile[.]io. The malware's components have evaded detection by antivirus tools, with VirusTotal reporting zero detections for the main executable and its launcher. Users are advised to check their registry, remove suspicious files, change passwords, and run a full system scan if they suspect installation of the malicious update. Safe updating practices include using the built-in Windows update feature and being cautious of phishing attempts. Indicators of compromise include specific file hashes, domains associated with the phishing campaign, and file system artifacts related to the malware's installation.

AppWizard

April 5, 2026

Sick of The Witcher 3’s Roach? Its MMO mod now lets you ride other players instead

The Witcher Online 2.0 mod for The Witcher 3 introduces a multiplayer experience that allows players to engage in shared adventures within the game's world. Developed by modder rejuvenate, it features enhancements such as populated game environments, customizable player characters, and improved player interactions. Players can ride horses and boats together, utilize a player interactions menu for trading items, and transform into various animals. The update includes 23 new emotes and allows for greater control over animations. The mod is available for download via Nexus Mods and aims to improve performance and connectivity issues.

AppWizard

April 5, 2026

10 Hacks Every Steam Gamer Should Know

- To maintain privacy on Steam, users can adjust their profile visibility settings under Steam > Settings > Account > Privacy Settings. - Steam allows family sharing of game libraries with up to five individuals in the same household through Steam > Settings > Family. - Users can customize game operations by entering commands in the Launch options box found in Properties > General of a game. - Steam enables users to add alternative storage locations for games via Steam > Settings > Storage and move games to optimize performance. - Download speed limits can be set in Steam under Settings > Downloads to ensure internet bandwidth is available for other activities. - Users can switch download servers in Steam by selecting a different server in Settings > Downloads to potentially improve download speeds. - Big Picture Mode can be activated in Steam under Settings > Interface for a user-friendly interface when using a gamepad. - Gamepad controls can be remapped by accessing Properties > Controller > Controller Configuration for any game in the library. - SteamDB provides insights into future sales, trending titles, and upcoming releases based on historical data. - The FPS counter can be enabled in Steam under Settings > In Game to monitor performance metrics like CPU, GPU, and RAM usage during gameplay.

AppWizard

March 31, 2026

A Brand New Ultimate Smash Minecraft Server – Classic Brawler Mechanics in a 3D Block World

The Ultimate SMASH Minecraft server has been launched and can be accessed via the IP address supersmash.eu. It is a Java Edition server that features a percentage-based damage system instead of traditional health bars, where players aim to strike opponents to increase their damage percentage. Key features include diverse arenas, a tactical arsenal of items, a party system for teaming up, cosmetic upgrades for avatars, and a scoreboard system for tracking gameplay. The server is accessible to players using Java Edition versions 1.20.2 and newer, and players can earn premium ranks through gameplay without spending real money. The development team encourages community engagement and regularly updates the server based on player feedback. Players can connect to the server at supersmash.eu or join the official Discord for updates.

AppWizard

March 27, 2026

Android 17 to Finally Let You Exclude Specific Apps from Your VPN Connection

Using a VPN on Android can enhance privacy but may hinder access to location-dependent services. Many users utilize "split tunneling" to exclude specific apps from the VPN connection, allowing access to these services. Android 17 Beta 3 is set to standardize split tunneling across the operating system, providing a cohesive settings screen for users to manage app exceptions. This development aims to simplify the user experience by eliminating the need to navigate different VPN app interfaces. Users will be able to configure specific apps, like banking applications, to use their local IP address while keeping other web traffic secure under the VPN. The feature is still in development and will require updates from VPN applications to utilize the new system screen.

Tech Optimizer

March 18, 2026

Stop! These 5 Antivirus Misconceptions Could Leave You Unprotected

Engaging with a computer exposes it to potential threats like trojans, ransomware, and malware. Antivirus software is essential for protection, but misconceptions exist about its use. 1. Antivirus subscriptions typically expire after a trial period of three to six months, requiring renewal, which can be checked in the software's 'About' section or 'Account' tab. Users should renew or install antivirus software if they haven't done so. 2. Setting antivirus subscriptions to auto-renew is advisable to prevent lapses in protection, with notifications sent before renewal dates. Some providers offer additional benefits with auto-renewal. 3. Disabling antivirus while gaming is risky; instead, users should look for a "game mode" feature that minimizes interruptions. 4. Antivirus alerts should not be dismissed as nuisances; they may contain important information regarding defenses or necessary actions. 5. Antivirus software alone does not ensure complete safety; additional tools like password managers and VPNs are recommended for enhanced security and privacy.

Tech Optimizer

March 17, 2026

Up to 86% Off Surfshark One — Lock in This All-in-One Cybersecurity Deal

Surfshark has launched the Surfshark One bundle, which includes a VPN, antivirus protection, data breach monitoring, alternative ID features, and private search capabilities. The 24-month plan offers significant savings, costing approximately .49 per month, while the 12-month plan costs .99 per month. The antivirus tool scans for malware and provides real-time monitoring. It also alerts users if their personal information appears in data breach databases, allowing them to take action. The private search tool ensures searches are not tracked or linked to personal profiles. All plans come with a 30-day money-back guarantee.

AppWizard

March 2, 2026

Best Secure and Encrypted Messaging Apps in 2026

Your text messages and calls can be intercepted by hackers, corporations, and government entities, putting your private information at risk. Corporations may use your messages for targeted advertising or sell your data, while hackers may exploit it for identity theft or fraud. Governments may monitor communications under the guise of national security. Secure messaging apps are essential to protect your communications, as many default options expose sensitive information through metadata or lack proper security. Signal is recognized as the most secure messaging app, offering end-to-end encryption, being open-source, and free of charge, though it requires a phone number for registration. Threema allows complete anonymity without data collection but has no free version. Telegram, while popular, has security concerns as not all communications are end-to-end encrypted by default. WhatsApp and Keybase are discouraged due to ownership issues affecting privacy. Characteristics to look for in a secure messaging app include end-to-end encryption, third-party testing, open-source code, self-destructing messages, and minimal user data collection.