malware

Winsage
May 6, 2026
System Restore is a recovery tool in Windows that allows users to revert their systems to a previous state, originating with Windows ME. It generates restore points that can be created manually or automatically, with a maximum retention of 60 days starting from the Windows 11 24H2 update in 2025. System Restore captures essential system files and settings but does not recover personal files. The new Point-in-Time Restore feature, introduced in 2025 and appearing in the Windows 11 Insider Experimental preview in April 2026, captures a broader range of data, including user files and applications, and operates on a scheduled basis with snapshots retained for up to 72 hours. It is optional for standard users, enabled by default for PCs with 200GB or more storage, and has storage limits set to 2% of total drive capacity. In enterprise settings, it is always enabled for Windows 365 Enterprise, maintaining restore points for up to one month and utilizing cloud storage. Point-in-Time Restore aims to improve the recovery experience and address limitations of the classic System Restore.
Winsage
May 6, 2026
On April 30, 2026, Microsoft Defender misclassified two legitimate DigiCert root certificates as a severe threat, specifically Trojan:Win32/Cerdigent.A!dha, leading to their quarantine and disrupting SSL/TLS validation across affected endpoints. This misclassification was a result of new malware detections introduced by Microsoft in response to concerns over compromised certificates from a DigiCert breach. The false-positive alerts were triggered by the registry entries of the two trusted root certificates, which are crucial for validating SSL/TLS sessions. Microsoft later acknowledged the error and adjusted the alert logic. There was no actual compromise of the DigiCert certificates, as administrators confirmed that the certificate hashes matched the official values. The misclassification stemmed from a failure to properly constrain the detection to only revoked end-entity signing certificates related to a separate incident. This incident follows a pattern of Microsoft Defender misidentifying legitimate software as malicious, as seen in a 2022 incident where Microsoft Office was flagged as a virus. Organizations with restrictive update policies may continue to face SSL/TLS validation failures until they deploy the corrective Security Intelligence version or manually restore the DigiCert roots.
Tech Optimizer
May 6, 2026
The cost of AVG Internet Security includes a single-device plan starting at a specified amount for the first year, which then increases to a higher annual fee, and a multi-device plan for up to ten devices that starts at a different amount for the first year and rises to a specified annual fee thereafter. The multi-device option allows sharing among family members. AVG Internet Security adds five features to its free antivirus: password protection, webcam safeguards, monitoring for unauthorized file access, defense against malicious website redirects, and protection against remote desktop protocol attacks. It does not include a VPN, which requires an upgrade or separate purchase. The installation process is straightforward, with a user-friendly dashboard. Users can initiate scans easily and choose from various scan types. AVG excels in real-time protection, scanning files upon access and monitoring applications for unusual behavior, including ransomware protection. As of 2025, users must set their own scheduled scans. AVG offers a secure browser during installation and a data shredder feature, though its effectiveness may vary. Customer support includes online chat, phone assistance, and comprehensive support pages. AVG Internet Security has received high marks for performance, detecting 100% of threats in controlled tests while minimally impacting system resources during regular use.
BetaBeacon
May 6, 2026
- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia.
- BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes.
- The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months.
- The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China.
- The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.
Winsage
May 6, 2026
Microsoft has acknowledged that some Windows 11 updates may require multiple reboots, particularly those related to Secure Boot certificates, which are essential for system security. These updates aim to protect against malware, especially rootkits, and ensure the effective functioning of Secure Boot. Some users have faced difficulties in receiving the new certificates due to firmware issues, but multiple reboots typically indicate that necessary security enhancements are being applied.
Tech Optimizer
May 5, 2026
Intego has released Intego ONE, a rebranded antivirus solution for Mac users that combines antivirus capabilities with a firewall. The product has received a 97.1% malware detection score in independent lab tests, although it lacks phishing protection, a feature offered by competitors like Norton and Bitdefender. Intego ONE has a tiered pricing structure, with the Essential tier costing .99 annually and providing antivirus and firewall protection, while the Advanced tier, which includes the SmartClean system cleanup tool, costs .99. The top-tier Complete subscription, which includes a VPN, is priced at .99 annually. Intego offers a 7-day free trial for potential customers. The software installation is straightforward, requiring Full Disk Access for optimal functionality. Intego's firewall is integrated into the main application for easier user interaction. The SmartClean feature aims to optimize system performance but may not justify its additional cost for all users. The VPN included in the Complete tier is user-friendly but may be priced higher than standalone options.
BetaBeacon
May 5, 2026
ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.