malicious software Archives

Tech Optimizer

May 21, 2026

What the Tech: Antivirus Software for Smartphone

Many users believe that smartphones need antivirus software, similar to computers. However, most users can navigate their mobile experience without it due to built-in security features in operating systems like iOS and Android, which include regular updates, app store security, and user awareness. Antivirus apps may be necessary for users who download apps from third-party sources or engage in risky online behavior. The decision to install antivirus software should depend on individual usage patterns and risk tolerance.

AppWizard

May 19, 2026

Steam Game Sparks Controversy for Planting Malware on Users’ PCs

'Beyond the Dark' is an indie game released for free on Steam on December 29, 2024, which was identified as an 'asset flip' by tech YouTuber Eric Parker. The game was found to contain malware hidden in a DLL file that targets users' cryptocurrency wallet information and Roblox account credentials. This incident follows a similar case in September 2025 involving a game called 'Blockbusters,' which also distributed malware. Following the exposé, Valve removed 'Beyond the Dark' from its platform within a day.

AppWizard

May 19, 2026

“I thought it was a Steam game”… Malicious code found planted on users’ PCs

'Beyond the Dark' is an indie game released for free on Steam on December 29, 2024, which was misrepresented as a turn-based strategy game despite displaying characteristics of a first-person horror game. Tech YouTuber Eric Parker identified it as an 'asset flip' and revealed that it distributed malware designed to steal cryptocurrency wallet information and Roblox account credentials. The malware was embedded in a DLL file activated upon the game's execution. Following Parker's findings, Valve removed the game from its platform within a day. The gaming community has seen similar incidents, such as the 'Blockbusters' game in September 2025, which was involved in a malware scheme that stole cryptocurrency. Security experts advise caution when installing free games that appear hastily produced.

AppWizard

May 12, 2026

This devious Android malware has returned disguised as TikTok or streaming apps — and is now using blockchain to remain undetected

Researchers at ThreatFabric have identified a new variant of the TrickMo banking trojan, named TrickMo.C, targeting Android users in Europe since January 2026. TrickMo.C disguises itself as popular applications like TikTok and streaming services, using tactics such as phishing overlays to harvest login credentials and sensitive information. It can log keystrokes, record screens, livestream content, intercept SMS messages, suppress OTP notifications, modify the clipboard, filter notifications, and capture screenshots. The primary targets are in France, Italy, and Austria, allowing unauthorized access to bank accounts and cryptocurrency wallets. TrickMo.C distinguishes itself by using the TON network for communication, which enhances anonymity and complicates detection efforts.

AppWizard

May 11, 2026

Google warns 7 million Android users to delete these 28 fake apps

28 Android applications were removed from the Google Play Store after being identified as scams by security researchers at ESET. These apps, part of a campaign called “CallPhantom,” falsely claimed to provide access to private call logs, SMS records, and WhatsApp activity. They attracted millions of downloads despite lacking legitimacy, offering fabricated data such as fake phone numbers and bogus call durations. Some apps charged users for “detailed reports” that either never arrived or contained nonsensical information. The apps did not steal phone data or install malware but instead promised illicit access and generated fictitious data. The primary targets of this scam were users in India and the Asia-Pacific region.

Winsage

May 10, 2026

Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

Between May 6 and May 7, 2026, the official JDownloader website was compromised in a supply chain attack, leading to the distribution of malicious installers for Windows and Linux users. Attackers altered download links, redirecting users to harmful files, specifically targeting the Windows “Alternative Installer” and the Linux shell installer. A Reddit user reported the issue after Microsoft Defender flagged the installers as malicious, noting unusual developer names instead of the expected publisher, AppWork GmbH. JDownloader developers confirmed the breach and temporarily took down the website for investigation, revealing that an unpatched vulnerability in the content management system allowed the attackers to modify download pages. The genuine installer packages were not altered, and the malicious links were removed. The website was restored on May 8–9, 2026, with verified clean installer links. Indicators of compromise included specific hashes and compromised URLs related to the attack.

Winsage

May 6, 2026

New Trojan attacks Windows and steals data from smartphones via Phone Link

Cisco Talos experts have discovered a trojan that has been operational since at least January 2026, which installs the CloudZ RAT (Remote Access Tool) on Windows systems along with the Pheno plugin. The attack starts with an undisclosed initial access vector and involves executing a counterfeit SmartConnect update to deploy the CloudZ RAT. This RAT establishes an encrypted connection to its command and control (C2) server, allowing attackers to extract sensitive information. The CloudZ RAT assists in harvesting credentials from web browsers and downloads the Pheno plugin, which accesses Phone Link app data and transmits it to the C2 server. The Phone Link feature synchronizes critical data, including SMS messages with one-time passwords and account login details, which are the primary targets of the attackers.

AppWizard

May 5, 2026

FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware

A fraud network called FEMITBOT has emerged, using Telegram's Mini App feature to conduct investment scams and distribute malware. Identified by the research firm CTM360, the network operates through API responses and presents itself as organized. The scams involve Telegram Mini Apps that display phishing pages, fake dashboards showing fictitious earnings, and urgency tactics to pressure users into making quick decisions. FEMITBOT mimics well-known brands like Apple and Coca-Cola to enhance credibility and disseminates Android malware disguised as legitimate applications. The operation is highly organized, utilizing marketing tools to optimize their scams. Users are warned to be cautious of bots requesting deposits before granting access to funds.

AppWizard

April 30, 2026

LofyStealer Targets Minecraft Players via Node.js Loader and Browser Injection

Minecraft players are being targeted by a deceptive hacking tool called “Slinky,” which is actually an infostealer known as LofyStealer linked to the Brazilian cybercrime group LofyGang. The malware uses a Node.js-based loader and a C++ payload to extract sensitive browser data, disguising itself as a Minecraft hack. It primarily targets younger players who may unknowingly execute it. The malware operates through a two-stage architecture, with a 53.5 MB loader binary that injects a smaller 1.4 MB payload into browser processes, bypassing detection methods. It collects sensitive information such as cookies, passwords, and credit card details, compressing and encoding the data for exfiltration. The command-and-control (C2) infrastructure is hosted in Brazil, and the malware's design reflects advanced compilation techniques. The campaign is attributed to LofyGang, which has evolved into a more professional entity, posing severe risks to players who download cheats and cracked tools. Indicators of compromise include a specific C2 IP address and associated endpoints.

Tech Optimizer

April 23, 2026

Everywhen issues six checks to spot unsafe websites

Everywhen has released guidelines to help organizations identify unsafe websites and combat online fraud. The guidance includes six checks users can perform before visiting unfamiliar sites: 1. Utilize website safety checker tools like Google Safe Browsing and Norton Safe Web. 2. Verify the site contains standard business information, such as contact details and social media links. 3. Conduct reputation checks by reviewing public feedback for complaints related to fraud or poor service. 4. Evaluate visual and editorial standards for indicators of illegitimacy, such as poor grammar or outdated branding. 5. Maintain updated antivirus software to block malicious downloads and phishing attempts. 6. Adjust browser settings to receive alerts about suspicious websites. The guidance highlights the importance of scrutinizing URLs for unusual spellings or characters and distinguishes between HTTP and HTTPS, noting that the padlock symbol does not guarantee trustworthiness. The initiative aims to protect both consumers and organizations from cyber threats, particularly as fake websites increasingly target personal information and financial transactions.