malicious code Archives

Tech Optimizer

May 22, 2026

Threat Protection Pro: all you need to know about IPVanish’s anti-malware tool

Virtual Private Networks (VPNs) have evolved into comprehensive cybersecurity solutions, offering features like ad-blockers, antivirus software, and dark web monitoring. IPVanish offers a feature called Threat Protection Pro, available with the Advanced plan, which protects against malware, ads, and trackers. It enhances online security by blocking ads and tracking scripts, quarantining suspicious downloads, and preventing access to malicious websites. All IPVanish plans include core Threat Protection, utilizing DNS filters to combat trackers and malware across various platforms. Threat Protection Pro, launched in March 2026, provides 24/7 malware and antivirus protection, even when the VPN is not active. This feature is exclusive to Advanced-tier subscribers and currently supports Windows and Mac platforms. It employs VIPRE’s antivirus engine and initiates detailed measures to identify risks at multiple levels. Users can activate Threat Protection Pro through a straightforward setup process on Windows or MacOS. IPVanish allows unlimited devices per subscription and includes DNS and IPv6 leak protection, a kill switch, and a no-logs policy. Advanced users also have access to a Secure Browser for disposable browsing.

AppWizard

May 19, 2026

“I thought it was a Steam game”… Malicious code found planted on users’ PCs

'Beyond the Dark' is an indie game released for free on Steam on December 29, 2024, which was misrepresented as a turn-based strategy game despite displaying characteristics of a first-person horror game. Tech YouTuber Eric Parker identified it as an 'asset flip' and revealed that it distributed malware designed to steal cryptocurrency wallet information and Roblox account credentials. The malware was embedded in a DLL file activated upon the game's execution. Following Parker's findings, Valve removed the game from its platform within a day. The gaming community has seen similar incidents, such as the 'Blockbusters' game in September 2025, which was involved in a malware scheme that stole cryptocurrency. Security experts advise caution when installing free games that appear hastily produced.

Tech Optimizer

May 8, 2026

Norton 360 Deal: Complete Security Starting Under $5/Month

Norton 360 is offering discounts of up to 60% on several of its plans, providing comprehensive digital security for under per month. The software operates in the background, scanning downloads, analyzing websites, and monitoring files for suspicious activity. It includes a scam detection system for identifying manipulated images or videos. One subscription can secure multiple devices, including PCs, Macs, smartphones, and tablets. Norton 360 features a secure VPN for encrypted internet connections and Dark Web Monitoring to alert users if their personal information is compromised. It also includes a Password Manager, Cloud Backup, and parental controls. A 60-day money-back guarantee is available for users to try the software risk-free.

AppWizard

May 6, 2026

Android Apps Get Public Verification System to Stop Supply Chain Attacks

Google has launched an enhanced Binary Transparency initiative for Android to strengthen the ecosystem against supply chain attacks. This initiative builds on the Pixel Binary Transparency framework introduced in October 2021, which ensures Pixel devices operate on verified OS software through a public cryptographic log of factory images. The new initiative aims to address the increasing sophistication of binary supply chain attacks, emphasizing that a binary's digital signature alone is insufficient for guaranteeing its authenticity. Starting May 1, 2026, all production Android applications released by Google will include a cryptographic entry confirming their authenticity. This initiative covers various Google applications and provides a transparent 'Source of Truth' for users to verify the software on their devices. Google is also offering verification tools for users and researchers to confirm the transparency state of supported software types, enhancing user privacy and security.

Winsage

May 5, 2026

Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say

Researchers at Striga have identified two vulnerabilities (CVE-2026-42248 and CVE-2026-42249) in Ollama’s Windows auto-updater that could allow an attacker to install a persistent executable that runs at user login. CVE-2026-42248 fails to properly verify signatures of downloaded content, while CVE-2026-42249 is a path traversal flaw that allows an attacker to inject malicious code into the user's Startup folder. Exploitation requires control over the update response, with potential methods including compromising the update infrastructure or redirecting the client. The vulnerabilities affect Ollama versions 0.12.10 through 0.17.5, and users are advised to disable auto-updates and remove shortcuts from the Startup folder to mitigate risks.

AppWizard

April 30, 2026

LofyStealer Uses Node.js Loader Against Minecraft Gamers

Cybersecurity threat hunters have discovered an active infostealer campaign targeting the gaming community, involving malware called LofyStealer (or GrabBot) that disguises itself as a Minecraft hack named “Slinky.” The attackers use the official game icon to trick young gamers into executing the malware. The Brazilian cybercrime group LofyGang has enhanced its technical capabilities, utilizing a sophisticated two-stage modular architecture. The initial stage features a 53.5 MB loader file named load.exe, which is a Node.js runtime environment that obscures malicious signatures. The loader connects to the attacker’s server and decrypts a 1.4 MB C++ payload, chromelevator.exe, which targets eight web browsers to extract sensitive information like cookies and passwords. The stolen data is compressed, encrypted, and sent to the attacker’s server. LofyGang has evolved into a Malware-as-a-Service platform, offering a web panel for operators to monitor victims and generate custom executables. The campaign highlights the increasing threats to the gaming community, with advanced evasion techniques being employed by cybercriminals. Security professionals are advised to monitor network traffic and conduct audits for suspicious activities.

Winsage

April 28, 2026

Incomplete Windows Patch Creates New Zero-Click Attack Risk

A new vulnerability in Microsoft Windows, designated as CVE-2026-32202, has been discovered due to an incomplete security patch for a previous flaw (CVE-2026-21510). This new vulnerability allows attackers to execute zero-click attacks by processing specially crafted shortcut files, enabling automatic authentication requests without user interaction. The vulnerabilities are linked to another flaw (CVE-2026-21513) in Microsoft’s MSHTML framework, and cybercriminals, specifically the APT28 group, have exploited these issues in attacks against Ukraine and the European Union. Microsoft has released a fix for the new vulnerability in its April 2026 security updates.

AppWizard

April 28, 2026

10,000 Users Exposed As Fake Document Reader App Delivers Anatsa Banking Trojan

Security researchers from ThreatLabz discovered a malicious document reader app on the Google Play Store that delivered the Anatsa Android banking trojan. The app, which had over 10,000 downloads before its removal, disguised itself as a legitimate file management tool using the package name com.groundstation.informationcontrol.filestationbrowsefilesreaddocs. It employed a "dropper" technique to hide its malicious code, connecting to an external server to retrieve the malware payload after installation. Anatsa is designed to steal financial information by overlaying a fake login screen over legitimate banking apps, capturing user credentials and enabling unauthorized transactions. Users are advised to delete the app and monitor their financial accounts. Technical indicators for identifying infections include the Anatsa Installer SHA256 (5c9b09819b196970a867b1d459f9053da38a6a2721f21264324e0a8ffef01e20), Payload URL (http://23.251.108[.]10:8080/privacy.txt), Payload SHA256 Hash (88fd72ac0cdab37c74ce14901c5daf214bd54f64e0e68093526a0076df4e042f), and Command and Control servers (http://172.86.91[.]94/api/ and http://193.24.123[.]18:85/api/).

Winsage

April 27, 2026

Using Windows or Microsoft Office? India issues high-severity cyber alert, how to stay safe

India’s cybersecurity agency, CERT-In, has issued an advisory regarding high-severity vulnerabilities in various Microsoft products, including multiple versions of Windows, Windows Server, Microsoft Office, and the Chromium-based Microsoft Edge browser. These vulnerabilities can allow attackers to execute malicious code, elevate system privileges, access sensitive data, or disrupt services. They arise from issues such as improper input validation, memory corruption, insufficient access control, and inadequate memory object handling. Exploitation can occur remotely or locally, sometimes requiring user interaction. CERT-In advises users and organizations to apply the latest security updates from Microsoft to mitigate these risks.

Tech Optimizer

April 24, 2026

Fileless Malware and Email Authentication Gaps

Fileless malware operates stealthily within networks, utilizing legitimate system tools like PowerShell and Windows Management Instrumentation (WMI) to execute malicious code in memory without leaving traces on disk. Traditional antivirus solutions struggle to detect these threats due to their reliance on file signatures. The primary vector for fileless malware is email, where attackers use spoofed messages to trick users into activating malicious scripts. Misconfigurations in Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records create vulnerabilities that attackers exploit to deliver spoofed emails. Traditional endpoint protection mechanisms are inadequate against fileless attacks, necessitating a shift towards behavioral analysis for detection. Organizations must assess their preparedness by ensuring proper email authentication configurations and enhancing endpoint security capabilities. Integration among security teams and updated employee security awareness programs are also essential. Sendmarc helps organizations mitigate vulnerabilities by providing visibility into SPF, DKIM, and DMARC configurations and enforcing DMARC to block unauthenticated messages.