keystroke Archives

AppWizard

January 8, 2026

Google is quietly making the Pixel Launcher faster with a new shortcut

Google is rolling out an upgrade to the Pixel Launcher that allows users to launch applications by typing part of the app's name and pressing the Enter key on their keyboard. This change eliminates the need to tap on the app icon from search results, making the app-launching process more efficient. Previously, pressing the bottom-right button on the keyboard would trigger a Google Search instead of launching the app, but the update changes this button to an arrow or Enter key when an app match is detected. This enhancement improves one-handed usability and reflects Google's commitment to refining user experience. The rollout is server-side and not tied to a specific app update, with some users already experiencing the new functionality while others have not yet seen it.

AppWizard

December 22, 2025

Frogblight Malware Targets Android Users With Fake Court and Aid Apps

A new Android-based Trojan named Frogblight is targeting mobile users in Turkiye to steal funds from bank accounts. Identified by Kaspersky's Securelist in August 2025, it spreads through smishing, where scammers send deceptive SMS messages about legal court cases or financial aid. These messages often include links to download malicious applications disguised as legitimate support tools. The malware, which can conceal itself and deactivate on simulated devices or within the U.S., requests extensive permissions to access SMS messages and device storage. Once installed, it opens a legitimate government website to appear credible and injects JavaScript to record keystrokes during banking logins. Recent versions have added keylogging, contact list theft, and private call log collection. The malware has evolved to disguise itself as the Google Chrome browser and other tools, and its source code is available on GitHub, indicating it may be marketed as malware-as-a-service. Kaspersky advises users to avoid downloading APK files from untrusted sources and to scrutinize app permission requests.

Winsage

December 17, 2025

Why a Dual Monitor Setup Makes Sense

A dual monitor setup enhances productivity by allowing users to multitask efficiently without the need for constant tab-switching. It enables activities such as participating in virtual meetings while taking notes or editing photos with previews. Microsoft’s Copilot+ PCs significantly improve performance, being faster than older devices. Users can optimize their workflow by using the laptop screen for communication tasks and the second monitor for focused work. Setting up a second monitor on Windows is simple, involving connections via HDMI, USB-C, or DisplayPort, and adjusting display settings. Suggestions for monitors include budget-friendly options, portable monitors, and accessories like stands and docking stations. Windows 11 features like Snap layouts help organize windows effectively on dual screens.

Tech Optimizer

December 9, 2025

Warning! Engineered Linux Malware Can Bypass Next-Gen Anti-Virus Solutions – Open Source For You

The author created a custom reverse TCP payload using Python, packaged it into an .elf executable, and tested its stealthiness against antivirus software. The payload included functionalities such as webcam snapshots, keylogging, screen capture, and file transfers. Established tools for obfuscation often triggered antivirus alerts, prompting the author to develop a custom solution to avoid signature-based detection, maintain behavioral control, and gain insights into detection engines. The payload was designed to connect back to the attacker's machine and execute commands, while the listener processed incoming data. After compiling the binary, it was submitted to VirusTotal, where only four out of 64 antivirus engines flagged it, indicating that custom code can bypass many next-gen antivirus products.

Winsage

December 1, 2025

Microsoft says AI agents are “risky”, but it’s moving ahead with the plan on Windows 11

Microsoft is integrating AI agents into Windows 11, despite acknowledging risks such as hallucinations, unpredictable behavior, and vulnerabilities to cyber threats like Cross Prompt Injection (XPIA). The company plans to transform every Windows 11 PC into an AI-powered machine by introducing features like Copilot Voice, Copilot Vision, and Copilot Actions. The Windows 11 taskbar will feature a new "Ask Copilot" interface for users to interact with AI agents. These agents will operate under separate accounts with limited permissions, controlled folder access, and tamper-evident logs, but still have access to personal folders like Documents and Downloads. The Agent Workspace is a key feature that allows AI agents to perform tasks in a controlled environment, separate from the user's session. Agents can interact with applications and execute multi-step tasks while being monitored. Microsoft employs the Model Context Protocol (MCP) to regulate agent interactions with applications, ensuring security and proper permissions. Despite concerns over privacy and security, Microsoft believes that integrating AI is essential for keeping Windows competitive. The company has faced backlash over previous features like Recall, which raised privacy issues, and must work to rebuild trust with users. The experimental AI features are currently optional, and Microsoft aims to demonstrate their value to encourage acceptance.

Tech Optimizer

November 14, 2025

Beware of Fake Bitcoin Tool That Hides DarkComet RAT Malware With it

A recent malware campaign has seen attackers disguising the DarkComet remote access trojan as Bitcoin-related applications to target cryptocurrency users. DarkComet RAT allows attackers to gain extensive control over compromised systems, despite its original creator discontinuing it years ago. The malware features capabilities such as keystroke logging, file theft, webcam surveillance, and remote desktop control, posing significant risks to users. The malicious file was distributed as a compressed RAR archive named “94k BTC wallet.exe,” which helps evade email filters. Security analysts at Point Wild discovered that the malware ensures persistence by copying itself to %AppData%RoamingMSDCSCexplorer.exe and creating a registry key for automatic execution at system startup. It attempts to connect to a command-and-control server at kvejo991.ddns.net over TCP port 1604. The malware injects its payload into legitimate Windows processes to perform keylogging and screen capture while remaining undetected. Captured keystrokes are stored in log files and exfiltrated through the command-and-control channel. Users are advised to avoid downloading cryptocurrency tools from untrusted sources and to keep security software updated.

Tech Optimizer

November 7, 2025

Herodotus Android Banking Malware Takes Full Control Of Device Evading Antivirus

A banking trojan named Herodotus targets Android users globally, operating as Malware-as-a-Service and disguising itself as a legitimate app to lure users into downloading an APK from unofficial sources. Once installed, it gains critical system permissions to perform banking operations on behalf of the user. The malware is primarily distributed through SMS phishing campaigns that lead victims to fraudulent download pages. Herodotus employs overlay attacks to steal credentials and hijack sessions, posing a significant threat to financial security. It uses advanced evasion tactics, including random delays and realistic typing patterns, to avoid detection by traditional antivirus solutions. The trojan captures screen content and keystrokes, allowing real-time monitoring of user activity. Detection is complicated as Herodotus circumvents defenses by installing from unknown sources and executing harmful actions only after obtaining user permissions. Effective defense requires recognizing multiple indicators of compromise, such as suspicious SMS links and behavioral anomalies, which traditional antivirus protection often overlooks.

Tech Optimizer

October 14, 2025

‘Polymorphic malware’: The new headache for cops and users

Polymorphic malware disguises itself as benign software and is deployed through phishing emails, deceptive downloads, and malicious links. It alters its code immediately upon activation to evade antivirus detection, encrypting its code and injecting extraneous lines to confuse security systems. Once embedded, it activates key logging tools to capture sensitive information like passwords and credit card numbers, and may redirect users to counterfeit banking websites. Polymorphic malware spreads within networks, altering its structure with each transfer, and some variants operate as 'fileless malware,' complicating removal. It often erases its tracks or self-destructs before detection, making proactive user caution essential to defense.