malicious software Archives

Tech Optimizer

June 9, 2026

Fake ChatGPT download site infects Windows and Mac users with malware

A counterfeit website, openew[.]app, is impersonating OpenAI's official ChatGPT download page and distributing malware. Windows users who download from this site receive a credential-stealing malware loader, while macOS users are infected with Odyssey Stealer, a variant associated with cryptocurrency theft. The fake site mimics the legitimate ChatGPT interface and uses HTTPS to appear trustworthy. The Windows malware, Chat_GPT.exe, creates a back channel to an attacker-controlled server, while the macOS malware captures sensitive data and attempts to replace legitimate cryptocurrency wallet applications with compromised versions. Users who download from official sources remain safe, but those who click on ads or unfamiliar links risk compromising their online accounts and sensitive information. Malwarebytes offers protection against this malware. Indicators of compromise include specific file hashes and network indicators associated with the malicious site.

AppWizard

June 8, 2026

Pirated PC games are delivering password-stealing malware

A surge in Windows malware campaigns has been identified, with malicious software hidden in pirated PC games and modified installers for popular franchises like Far Cry, Need for Speed, FIFA, and Assassin’s Creed. Over 400,000 devices globally have been affected, with around 30,000 cases in the United States. The malware, known as the "RenEngine loader," is disguised as a legitimate game launcher and infects systems when users download cracked games. It aims to deploy an infostealer called ARC, which can capture sensitive information such as passwords and cryptocurrency wallets, and may also install other harmful payloads like the Rhadamanthys stealer and Async Remote Access Trojan (RAT). Users often remain unaware of their infection until significant damage occurs. Recommendations for safety include avoiding unofficial downloads, using up-to-date anti-malware protection, and regularly updating software.

AppWizard

May 29, 2026

Android App Security Essentials: How to Build Secure Mobile Applications

Mobile applications have transformed business operations and communication, becoming essential in various industries. As reliance on mobile technology increases, organizations face cybersecurity challenges such as malware, unauthorized access, data leaks, and phishing. This has led to a focus on Android app security, with businesses implementing advanced protection strategies. To address cybersecurity threats, modern Android applications require multiple security layers. Secure coding practices minimize vulnerabilities through structured frameworks, automated testing, and regular code reviews. Strong user authentication systems, including multi-factor authentication and biometric verification, protect against unauthorized access. Data encryption secures sensitive information during transmission and storage, helping organizations comply with data protection regulations. Malware attacks are a significant concern, prompting developers to implement anti-malware frameworks and application shielding technologies. To prevent reverse engineering, developers use code obfuscation and tamper detection systems. Managing mobile device permissions securely is crucial to protect sensitive user information. Emerging technologies, such as artificial intelligence, enhance mobile security by improving threat detection and response. DevSecOps integrates security practices into the development lifecycle, allowing for continuous vulnerability identification. Robust endpoint protection solutions monitor devices for malware and unauthorized access, supporting stronger cybersecurity governance across mobile ecosystems.

Winsage

May 28, 2026

Your Windows PC has a security deadline in June 2026

A Secure Boot certificate refresh is being deployed across supported Windows devices via Windows Update. The Secure Boot certificates from 2011 will begin to expire in June 2026, prompting Microsoft to introduce new 2023-dated certificates to maintain security. Most users will require minimal action if their PCs are updated, but older devices may face challenges. The current certificates include: - Microsoft Corporation KEK CA 2011: expires June 24, 2026 - Microsoft UEFI CA 2011: expires June 27, 2026 - Microsoft Windows Production PCA 2011: expires October 19, 2026 The new certificates will remain valid until 2038, with plans for post-quantum cryptography around 2030. While PCs using the 2011 certificates will continue to function, they will lose access to new security protections, making them vulnerable to emerging threats. A notable example of such a threat is the BlackLotus bootkit, which exploited vulnerabilities to bypass Secure Boot. Microsoft's rollout strategy involves a staged update process that typically takes around 48 hours and may require restarts. Users are advised to keep Windows updated and check their Secure Boot status. Known issues may arise for older PCs, systems that bypassed Windows 11 requirements, Legacy BIOS systems, and custom firmware configurations. IT teams managing devices should inventory their systems, monitor specific event IDs, test updates, and document devices that cannot be updated.

AppWizard

May 25, 2026

Over 200 Fake Android Apps Are Quietly Stealing Money From Phone Bills

Zimperium identified a sophisticated malware campaign that exploited nearly 250 Android applications, posing as popular games and social media platforms. The malware ensnared users into premium subscription services without consent, using techniques like JavaScript injection and interception of one-time passwords. The campaign primarily targeted users in Malaysia, Romania, Thailand, and Croatia, with the malware capable of reading SIM cards and activating for specific mobile carriers. Zimperium first detected the scam in March 2025 and monitored it until at least January 2026. Google stated that none of the compromised applications were available on its app store and emphasized that Android users are protected by Google Play Protect. The hackers deployed three malware variants, with the first using an automated subscription engine, the second targeting users in Thailand with premium SMS messages, and the third combining SMS fraud with real-time notifications to attackers via Telegram. The campaign primarily affected Malaysian SIM card users, with significant activity also in Thailand and Romania. Despite the campaign's last known activity in January, parts of its infrastructure remain operational. The attacks highlight vulnerabilities in application security and the challenges of policing app downloads from third-party marketplaces.

Winsage

May 24, 2026

Windows Secure Boot certificates start expiring June 24

Windows Secure Boot is a feature of the Unified Extensible Firmware Interface (UEFI) specification that enhances system security by ensuring only trusted software is loaded during the startup sequence. It verifies the digital signatures of boot components to protect against malicious software and unauthorized access. Key aspects include enhanced security by preventing untrusted code execution, compatibility with various hardware and software configurations, and user control over Secure Boot settings for customization.

Tech Optimizer

May 21, 2026

What the Tech: Antivirus Software for Smartphone

Many users believe that smartphones need antivirus software, similar to computers. However, most users can navigate their mobile experience without it due to built-in security features in operating systems like iOS and Android, which include regular updates, app store security, and user awareness. Antivirus apps may be necessary for users who download apps from third-party sources or engage in risky online behavior. The decision to install antivirus software should depend on individual usage patterns and risk tolerance.

AppWizard

May 19, 2026

Steam Game Sparks Controversy for Planting Malware on Users’ PCs

'Beyond the Dark' is an indie game released for free on Steam on December 29, 2024, which was identified as an 'asset flip' by tech YouTuber Eric Parker. The game was found to contain malware hidden in a DLL file that targets users' cryptocurrency wallet information and Roblox account credentials. This incident follows a similar case in September 2025 involving a game called 'Blockbusters,' which also distributed malware. Following the exposé, Valve removed 'Beyond the Dark' from its platform within a day.

AppWizard

May 19, 2026

“I thought it was a Steam game”… Malicious code found planted on users’ PCs

'Beyond the Dark' is an indie game released for free on Steam on December 29, 2024, which was misrepresented as a turn-based strategy game despite displaying characteristics of a first-person horror game. Tech YouTuber Eric Parker identified it as an 'asset flip' and revealed that it distributed malware designed to steal cryptocurrency wallet information and Roblox account credentials. The malware was embedded in a DLL file activated upon the game's execution. Following Parker's findings, Valve removed the game from its platform within a day. The gaming community has seen similar incidents, such as the 'Blockbusters' game in September 2025, which was involved in a malware scheme that stole cryptocurrency. Security experts advise caution when installing free games that appear hastily produced.

AppWizard

May 12, 2026

This devious Android malware has returned disguised as TikTok or streaming apps — and is now using blockchain to remain undetected

Researchers at ThreatFabric have identified a new variant of the TrickMo banking trojan, named TrickMo.C, targeting Android users in Europe since January 2026. TrickMo.C disguises itself as popular applications like TikTok and streaming services, using tactics such as phishing overlays to harvest login credentials and sensitive information. It can log keystrokes, record screens, livestream content, intercept SMS messages, suppress OTP notifications, modify the clipboard, filter notifications, and capture screenshots. The primary targets are in France, Italy, and Austria, allowing unauthorized access to bank accounts and cryptocurrency wallets. TrickMo.C distinguishes itself by using the TON network for communication, which enhances anonymity and complicates detection efforts.