modified software Archives

Tech Optimizer

February 11, 2026

How to Disable Windows 11 Defender: Temporary and Permanent

Microsoft Defender Antivirus is the built-in security solution for Windows 11, protecting against viruses, malware, and ransomware. Users may need to disable it temporarily or permanently for various reasons, including software installation, penetration testing, performance issues, transitioning to third-party antivirus solutions, or troubleshooting conflicts. Temporary disabling can be done through the Windows Security app, which will automatically re-enable after a restart. Permanent disabling requires changes in Group Policy, applicable only to Windows 11 Pro, Enterprise, and Education editions, and necessitates disabling Tamper Protection first. Another method for permanent disabling is installing a third-party antivirus, which automatically deactivates Defender's real-time protection. Windows 11 Home users cannot use Group Policy for permanent disabling but can still temporarily disable Defender or install a third-party antivirus. Disabling Defender exposes the system to threats, and users should ensure they have alternative protection in place. Major Windows updates may reset Defender settings, and caution is advised when modifying system settings.

Winsage

May 28, 2025

All Windows users must ‘watch out’ and delete ‘Microsoft’ updates now

Windows 10 and Windows 11 users are experiencing a rise in phishing emails that appear to be from Microsoft, according to Action Fraud, the UK's national fraud and cybercrime reporting center. Over 250 users have reported receiving fraudulent messages claiming their devices are infected with malware, often encouraging them to click on malicious links. These emails may look credible, sometimes using legitimate Microsoft addresses. Action Fraud advises users to verify messages directly with organizations using official contact details and warns that legitimate institutions will never request personal information via email. Microsoft also states it does not send unsolicited emails or calls for personal information and recommends downloading software only from official sources.

Winsage

November 7, 2024

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

Hackers are targeting Windows users with the Winos4.0 framework, which is distributed through seemingly harmless game-related applications. This toolkit has capabilities similar to well-known post-exploitation frameworks like Sliver and Cobalt Strike. Initially, a threat actor named Void Arachne attracted victims with modified software like VPNs and Google Chrome for the Chinese market, but recent tactics involve using games and game-related files. The infection process begins when a legitimate installer is executed, downloading a DLL file from “ad59t82g[.]com.” This triggers a multi-step infection process involving the download of a DLL named you.dll, which fetches additional files and modifies the Windows Registry for persistence. The second phase involves injected shellcode that loads APIs and connects to a command-and-control (C2) server, while the third phase retrieves encoded data from the C2 server. The final stage includes loading a login module that performs various malicious actions, such as collecting system information, checking for anti-virus software, gathering data on cryptocurrency wallet extensions, maintaining a backdoor connection to the C2 server, and exfiltrating sensitive information through methods like taking screenshots and stealing documents. Winos4.0 can identify various security tools, including Kaspersky, Avast, and Malwarebytes, allowing it to adjust its behavior based on the environment. Fortinet describes Winos4.0 as a powerful tool for controlling compromised systems, with reports from Fortinet and Trend Micro providing indicators of compromise (IoCs) related to this threat.

AppWizard

September 24, 2024

If you have any of these infected apps on your Android phone, they must be uninstalled now

The Necro Trojan malware has targeted Android users by infiltrating applications on the Play Store, including WhatsApp and Spotify. It uses steganography to hide malicious payloads, displaying ads in invisible windows, draining battery life, slowing device performance, and causing overheating. It can also enroll users in unwanted paid subscriptions and download arbitrary JavaScript and DEX files. Kaspersky's research found that modified versions of Spotify (Spotify Plus) and apps like Wuta Camera and Max Browser contained the Necro malware. Wuta Camera had over 10 million downloads before being removed, while Max Browser had over one million downloads. Users are advised to uninstall these apps and any modified versions of WhatsApp or game mods for Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. Kaspersky has blocked over 10,000 Necro attacks in a month, primarily in Russia, Brazil, and Vietnam. Users are encouraged to check their devices for the mentioned apps and to only install applications from official sources.

AppWizard

April 19, 2024

Google urges millions to avoid popular ‘harmful’ download on Android phones

Google has issued a cautionary note to Android users about the potential dangers associated with downloading modified versions of Android software, which can compromise device security and leave them susceptible to cybercriminal attacks.