JavaScript Archives

Tech Optimizer

January 7, 2026

Fake error popups are spreading malware fast

A new cybercrime tool called ErrTraffic has emerged, simplifying malware dissemination through deceptive fake error messages that prompt users to address non-existent issues. The attacks begin on compromised websites, where users encounter distorted text and pop-ups suggesting a browser update or font installation. Clicking the provided button copies a command to the clipboard, instructing users to paste it into PowerShell, which triggers the malware infection. ErrTraffic automates this process, requiring minimal investment for attackers to access a control panel and scripted payload delivery. It operates via JavaScript injection, adapting to the user's operating system and browser to display tailored messages. This method effectively bypasses traditional malware defenses, achieving high conversion rates, with nearly 60% of users following through with the instructions. Infected devices may deploy infostealers or banking trojans, with the system designed to evade law enforcement by excluding certain regions. To mitigate risks, users should avoid copying commands from websites, trust built-in update notifications, use robust antivirus software, and regularly remove personal information from data broker sites.

Winsage

January 6, 2026

ClickFix attack uses fake Windows BSOD screens to push malware

A new social engineering attack campaign called ClickFix is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into executing malware. Initially identified in December by Securonix as "PHALT#BLYX," the campaign involves phishing emails that appear to be notifications from Booking.com, often mentioning significant refunds to create urgency. Victims are directed to a counterfeit Booking.com site that mimics the legitimate one and displays a fake error message prompting them to execute a malicious command. This command launches a PowerShell script that downloads and compiles malware known as DCRAT, a remote access Trojan that allows attackers to control infected devices, exfiltrate data, and spread within networks.

Winsage

December 28, 2025

Microsoft Optimizes Windows 11 File Explorer to Slash RAM Usage

Microsoft is addressing criticism regarding Windows 11's File Explorer performance, particularly its excessive RAM consumption during searches. The company is testing optimizations aimed at reducing memory usage while maintaining speed, originating from an Insider Preview build. These changes involve eliminating duplicate indexing tasks, which could lead to a 20-30% reduction in RAM usage during intensive search sessions. Additionally, the update includes a streamlined context menu in File Explorer to enhance usability. Insider feedback has been positive, with users reporting smoother performance across various devices. The optimizations may also improve system stability and scalability in enterprise environments. However, some users express skepticism about whether these fixes are temporary solutions to deeper architectural issues. The full benefits of the update are expected to materialize once it reaches general availability, anticipated in early 2026.

AppWizard

December 22, 2025

Frogblight Malware Targets Android Users With Fake Court and Aid Apps

A new Android-based Trojan named Frogblight is targeting mobile users in Turkiye to steal funds from bank accounts. Identified by Kaspersky's Securelist in August 2025, it spreads through smishing, where scammers send deceptive SMS messages about legal court cases or financial aid. These messages often include links to download malicious applications disguised as legitimate support tools. The malware, which can conceal itself and deactivate on simulated devices or within the U.S., requests extensive permissions to access SMS messages and device storage. Once installed, it opens a legitimate government website to appear credible and injects JavaScript to record keystrokes during banking logins. Recent versions have added keylogging, contact list theft, and private call log collection. The malware has evolved to disguise itself as the Google Chrome browser and other tools, and its source code is available on GitHub, indicating it may be marketed as malware-as-a-service. Kaspersky advises users to avoid downloading APK files from untrusted sources and to scrutinize app permission requests.

Winsage

December 14, 2025

Use Windows 3.1 Straight From Your Browser To Boot Up Pure Nostalgia

Jeff Parsons has created a fully functional emulation of Windows 3.1 accessible through modern web browsers, allowing users to explore the iconic Program Manager interface and various retro applications like File Manager, Paintbrush, and Media Player. The emulator operates seamlessly using JavaScript, requiring no installation, and offers both full-screen and windowed views with nostalgic elements like a floppy-disk dropdown. It includes classic shareware, vintage Microsoft Word versions, digitized PC Magazine issues, and games such as King's Quest and The Oregon Trail. This project highlights the slower pace of computing in the early 90s and serves as a reminder of advancements in hardware over the years. Previous attempts to run vintage operating systems on actual hardware have faced limitations, contrasting with Parsons' success in running Windows 95 in a browser.

Tech Optimizer

December 3, 2025

Fileless protection explained: Blocking the invisible threat others miss

Fileless malware operates within a computer's active memory, avoiding detection by traditional antivirus solutions that rely on file scanning. It uses legitimate tools like PowerShell to execute harmful commands without creating files, making it difficult to identify. Cybercriminals can use fileless malware for various malicious activities, including data theft and cryptocurrency mining. Malwarebytes combats fileless attacks through two defense layers: Script Monitoring, which intercepts potentially dangerous scripts at execution, and Command-Line Protection, which scrutinizes command-line tools for suspicious activities. Examples of fileless attacks include malicious email attachments activating PowerShell to download ransomware, hidden JavaScript on websites mining cryptocurrency, and attackers using Windows Management Instrumentation (WMI) to create backdoors. Malwarebytes' Fileless Protection operates automatically in the background, ensuring legitimate applications function normally while monitoring for threats. It is part of a comprehensive security framework that includes machine-learning detection and web protection, designed to stop attacks that do not write files. This protection is included with Malwarebytes Premium, aimed at safeguarding personal and small business systems.

AppWizard

December 1, 2025

SmartTube app was infected by malware, here’s what happened

Google Play Protect disabled the SmartTube app on Android TV, labeling it as potentially harmful due to a compromised digital signature. The developer, Yuliskov, confirmed that the signature breach allowed for the creation of counterfeit app versions that could carry malware. A user discovered that SmartTube version 30.51 contained a hidden library that collected device-specific information and transmitted it to external servers, raising concerns about botnet activity. Certain versions of SmartTube, specifically 30.43 and 30.47, were confirmed to have been compromised due to malware on the developer's computer. Users were advised to uninstall infected versions, including 28.56, 28.58, 28.66, 28.75, 28.78, 29.13, 29.37, 29.62, 29.63, 29.85, 30.27, 30.32, 30.38, 30.40, 30.43, 30.44, 30.45, and 30.51, and to download the newly released safe version from trusted sources. Yuliskov assured users that the compromised computer has been cleaned and that new releases are secure.

Winsage

November 25, 2025

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Cybersecurity experts have identified a new campaign that combines ClickFix tactics with counterfeit adult websites to trick users into executing harmful commands under the guise of a "critical" Windows security update. This campaign uses fake adult sites, including clones of popular platforms, as phishing mechanisms, increasing psychological pressure on victims. ClickFix-style attacks have risen significantly, accounting for 47% of all attacks, according to Microsoft data. The campaign features convincing fake Windows update screens that take over the user's screen and instruct them to execute commands that initiate malware infections. The attack begins when users are redirected to a fake adult site, where they encounter an "urgent security update." The counterfeit Windows Update screen is created using HTML and JavaScript, and it attempts to prevent users from escaping the alert. The initial command executed is an MSHTA payload that retrieves a PowerShell script from a remote server, which is designed to deliver multiple payloads, including various types of malware. The downloaded PowerShell script employs obfuscation techniques and seeks to elevate privileges, potentially allowing attackers to deploy remote access trojans (RATs) that connect to command-and-control servers. The campaign has been linked to other malware execution chains that also utilize ClickFix lures. Security researchers recommend enhancing defenses through employee training and disabling the Windows Run box to mitigate risks associated with these attacks.

Winsage

November 25, 2025

ClickFix attack uses fake Windows Update screen to push malware

Recent observations have identified ClickFix attack variants where cybercriminals use deceptive Windows Update animations on full-screen browser pages to hide malicious code within images. Victims are misled into executing harmful commands through specific key sequences that copy and execute commands via JavaScript. Security researchers have documented these attacks since October, noting the use of LummaC2 and Rhadamanthys information stealers. Attackers utilize steganography to embed malware payloads within PNG images, reconstructing and decrypting them in memory using PowerShell and a .NET assembly called the Stego Loader. A dynamic evasion tactic known as ctrampoline complicates detection by initiating calls to numerous empty functions. The shellcode extracted from the encrypted image can execute various file types directly in memory. Following a law enforcement operation on November 13, the Rhadamanthys variant's payload delivery through fake Windows Update domains ceased, although the domains remain active. Researchers recommend disabling the Windows Run box and monitoring suspicious process chains to mitigate risks.

Tech Optimizer

November 20, 2025

Microsoft launches distributed PostgreSQL to rival AWS

Microsoft has launched a new distributed PostgreSQL database service called Azure HorizonDB, which is fully compatible with open source PostgreSQL and designed to enhance performance, scalability, and availability. The service supports autoscaling storage up to 128 TB and compute capabilities of up to 3,072 vCores, with a multi-zone commit latency of less than one millisecond. It features advanced AI capabilities, including DiskANN vector indexes and AI model management, but does not currently offer a serverless model. The launch coincides with a rise in PostgreSQL adoption, with 58 percent of professional developers using it. Competitors in the distributed PostgreSQL market include CockroachDB, YugabyteDB, and Google and AWS's offerings. Microsoft has also introduced two PostgreSQL extensions aimed at enhancing its database services.