malicious applications

AppWizard
March 21, 2026
In 2010, the author purchased a Samsung Galaxy 5, which introduced them to the Android ecosystem characterized by freedom, openness, and choice. By 2026, the Android platform had evolved significantly, with restrictions on sideloading impacting the author's nostalgic view of the system. The early 2010s were marked by diverse hardware innovations, such as microSD expansion and customizable features, alongside software freedom that allowed for extensive customization and app installations. Over time, Android transitioned to a more structured ecosystem focused on user safety, reflecting the need to protect personal information. The author acknowledges the trade-off between openness and security, recognizing the importance of safeguarding users, even if it means accepting a more restrictive environment.
AppWizard
March 20, 2026
Google has introduced a new sideloading process for Android that includes a 24-hour waiting period and multiple steps for installing apps from unverified developers. The steps are as follows:
1. Enable Developer Mode.
2. Confirm you’re not being coerced into disabling device protections.
3. Restart your phone.
4. Wait 24 hours.
5. Re-authenticate using biometric authentication or a PIN.
6. Install the app, with a warning about its unverified status.
This change aims to enhance user safety and protect less experienced users from scams. The new rules will take effect in August, primarily affecting users who sideload apps from third-party sources, while those using the Play Store will not see changes. Google is also requiring app developers to verify their identities to reduce the risk of malicious applications. Exceptions exist for limited distribution apps that can be shared without full verification.
AppWizard
March 12, 2026
Cybersecurity researchers have identified six new families of Android malware designed to extract sensitive data and facilitate financial fraud. Notable threats include:
- PixRevolution: Targets Brazil's Pix payment platform, activates during Pix transfers, and uses real-time monitoring to intervene in transactions. Victims are tricked into installing malicious apps from counterfeit Google Play Store listings, which enable accessibility services for the malware to capture screens and overlay fake interfaces to reroute funds.
- BeatBanker: Spreads through phishing attacks disguised as legitimate Google Play Store pages. It uses an inaudible audio loop for persistence, functions as a banking trojan, and includes a cryptocurrency miner. It creates deceptive overlays for platforms like Binance and Trust Wallet to divert funds and can monitor web browsers and execute remote commands.
- TaxiSpy RAT: Exploits accessibility services to gather sensitive information such as SMS messages and call logs, targeting banking and cryptocurrency applications with overlays for credential theft. It employs advanced evasion techniques like native library encryption and real-time remote control.
- Mirax: A private malware-as-a-service (MaaS) offering with a subscription model that provides tools for banking overlays and information gathering, including keystrokes and SMS.
- Oblivion: Another Android RAT available at a competitive price, featuring capabilities to bypass security measures on various devices.
- SURXRAT: Distributed through a Telegram-based MaaS ecosystem, it uses accessibility permissions for persistent control and communicates with a Firebase-based command-and-control infrastructure. Some samples incorporate a large language model component, indicating experimentation with AI by threat actors.
AppWizard
February 22, 2026
Google blocked approximately 1.75 million dangerous or policy-violating apps from reaching users in 2025 and shut down over 80,000 developer accounts associated with fraud, malware, and repeated policy violations. Play Protect identified millions of risky apps installed from external sources, and it scans apps in real-time, even after installation. Key reasons for app rejections include malware behavior, financial fraud, misuse of permissions, and deceptive advertisements. The crackdown results in safer app downloads, reduced risk of data theft, improved privacy enforcement, and lower exposure to counterfeit applications.
AppWizard
February 20, 2026
Google blocked 1.75 million applications from the Play Store in 2025 for policy violations and took action against over 80,000 developer accounts identified as “bad actors.” Additionally, 255,000 apps were restricted from accessing sensitive user data. The company implemented measures such as developer verification, mandatory pre-review checks, and stringent testing requirements to enhance security. Google’s Play Protect system scanned 350 billion apps daily and flagged 27 million malicious applications outside the Play Store. The integration of Generative AI models into the app review process improved the identification of malicious patterns and expedited application reviews.
AppWizard
February 10, 2026
The Arsink malware is an Android Remote Access Trojan (RAT) that exfiltrates sensitive information while granting remote control to its operators. It has impacted over 45,000 devices in 143 countries, including the UK. Arsink lures users to download deceptive "pro" versions of popular applications, often promoted on social media instead of the Google Play Store. Once installed, it can access text messages, emails, call logs, contacts, microphone recordings, photos, location data, and more. The malware also allows hackers to control device features such as using the torch, playing audio, making calls, and changing settings. It hides its icon, runs a persistent foreground service, and generates notifications to avoid detection. Users are advised to remove any "pro" versions of well-known apps like Google, YouTube, WhatsApp, Instagram, Facebook, and TikTok that are not from the official Google Play Store.
Tech Optimizer
January 7, 2026
TraceX Guard is developed by TraceX Labs and provides comprehensive protection against mobile threats such as viruses, spyware, ransomware, and phishing links, utilizing AI-powered threat detection and real-time security monitoring. Avast Antivirus, created by Avast Software, offers malware scanning, real-time threat detection, app locking, Wi-Fi security checks, and privacy protection tools, making it popular among Android users. AVG AntiVirus, developed by AVG Technologies, includes malware protection, app scanning, performance optimization, and privacy features, sharing core technology with Avast. Malwarebytes is an anti-malware solution for Android that detects and removes malware, adware, ransomware, and potentially unwanted programs, focusing on privacy protection and safe browsing.