network traffic Archives

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

Tech Optimizer

February 24, 2026

Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign

A cyber operation is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that leads to the installation of ValleyRAT, a remote access trojan. The malware employs various techniques to evade detection, including using an intermediary domain for downloads, creating Windows Defender exclusions, and establishing a scheduled task for persistence. The backdoor facilitates activities such as keylogging and credential access while disguising its operations within legitimate processes like rundll32.exe. Attribution points to the Silver Fox APT group, and there has been a significant increase in ValleyRAT samples documented in recent months. Security measures include ensuring software downloads are from the official site and monitoring for specific malicious activities.

Winsage

February 21, 2026

NetSpeedMonitor For Windows 10 64-Bit: A Simple Guide

NetSpeedMonitor is a free tool for Windows 10 64-bit that displays real-time upload and download speeds in the taskbar. It features real-time monitoring, taskbar integration, a customizable interface, low resource usage, and some historical data insights. It helps troubleshoot network issues, monitor data usage, and identify bandwidth-hogging applications. To download, users should search for compatible versions online, check user reviews, and download from trusted sources. Installation involves extracting files, running the installer, and selecting the appropriate network adapter. Configuration options include customizing display units, update intervals, and font colors. Alternatives to NetSpeedMonitor include DU Meter, NetWorx, GlassWire, and Windows Resource Monitor.

AppWizard

February 11, 2026

Product showcase: PCAPdroid analyzes Android app network activity

PCAPdroid is a free, open-source application for monitoring network traffic on Android devices. Users can capture traffic by accepting a VPN request and can view active and historical connections, detailing the application, protocol, destination address, and connection status. Traffic can be categorized by application, providing information such as installation date, version, and permissions. PCAPdroid offers various dump modes, allowing users to view traffic in real-time or save it as a PCAP file, and enables sharing captures via a local web page or forwarding live traffic to another machine using UDP or TCP. The app can extract information from captured traffic, including DNS requests, TLS server names, and HTTP requests. It also has the capability to decrypt HTTPS/TLS traffic, which requires a setup process involving a helper add-on and a certificate. Successful decryption allows users to view and export previously encrypted traffic, although not all apps support this feature.

Tech Optimizer

February 10, 2026

GuLoader Leverages Polymorphic Malware and Trusted Cloud Infrastructure to Evade Detection

GuLoader, also known as CloudEye, is a downloader malware that has been active since late 2019, primarily used to fetch and install secondary malware like Remote Access Trojans (RATs) and information stealers. It employs legitimate cloud services such as Google Drive and Microsoft OneDrive to host its malicious payloads, allowing it to evade detection by security tools. GuLoader utilizes advanced techniques including polymorphic code, which alters its appearance to avoid static detection signatures, and exception-based control flow to confuse analysis tools. Over the years, GuLoader has refined its tactics, including the use of software breakpoints and various exception types to redirect its operations. It also employs dynamic XOR encryption to obfuscate internal data, making it difficult for analysts to extract URLs. The malware's continuous evolution poses ongoing challenges for security researchers. Indicators of Compromise (IOCs) include specific hash values for different versions of GuLoader from 2022 to 2024.

AppWizard

January 16, 2026

Hopes for an eventual Anthem private server resurrection ignited as former executive producer says code for running the game locally ‘is there to be salvaged and recovered’

Anthem has officially ended as of approximately 2:05 PM EST on Monday. Former BioWare executive producer Mark Darrah suggested that the technology to run Anthem locally could potentially be revived, depending on third-party developers or EA's involvement. Anthem's architecture relied on a client-server model, requiring players to connect to centralized servers. Reviving the game through private servers would necessitate a deep understanding of its network traffic and mechanics.

Tech Optimizer

December 30, 2025

How To Protect Yourself From Cyber Attacks In The New Year: 10 Essential Tips

The holiday season sees increased online activity, making it a prime time for cybercriminals to exploit vulnerabilities. IT teams are often overwhelmed, and employees may be distracted, leading to a higher risk of phishing scams, ransomware attacks, and data breaches. Strategies to enhance digital security include using strong, unique passwords of at least 16 characters, enabling multi-factor authentication (MFA), being cautious with unfamiliar links, keeping devices updated with software patches, installing antivirus software, using secure networks (preferably with a VPN), enabling firewalls and endpoint protection, limiting user privileges, encrypting and backing up data, and reporting suspicious activity to relevant authorities.

Tech Optimizer

November 29, 2025

5 Essential Security Apps That Actually Protect Your Computer

Browsing without essential utilities like VPNs and antivirus software can be risky. Not all security applications are equally effective; some, like Bitdefender and ESET, offer superior performance, while others may overwhelm users with alerts or upsell subscriptions. Effective security applications prioritize functionality and provide tools such as firewalls, password managers, VPNs, and virus scans. ESET is recognized for its robust protection against sophisticated cyber threats and is suitable for advanced users, small businesses, and remote workers, earning the 2025 Editor's Choice Award for Best Antivirus for Advanced Users. Avira is a budget-friendly option with a free version that offers essential malware protection and an ad-blocker, named the best antivirus for ad-blocking in 2025 by Techradar. Surfshark, primarily a VPN service, offers antivirus protection and breach alerts through its Surfshark One subscription, recognized as the 2025 Best Value Antivirus. AVG provides comprehensive security features with a lightweight presence and was awarded the 2025 Editor's Choice for Best Performance and Speed Antivirus. Bitdefender is consistently ranked among the top choices for comprehensive protection, recognized as the best overall antivirus of 2025 by multiple publications, offering various paid packages and an Autopilot function. The applications mentioned were selected based on positive endorsements from reputable tech and security publications.

AppWizard

November 26, 2025

Hackers Bypass Signal, Telegram And WhatsApp Encryption To Read Messages

CISA has issued a warning about spyware targeting users of instant messaging applications, particularly highlighting the Sturnus trojan, which poses significant risks to Android smartphone users. Sturnus, identified as a banking trojan, can bypass encrypted messaging by capturing messages after they are decrypted on the smartphone screen, rather than cracking the encryption itself. Security expert Aditya Sood noted that Sturnus uses a combination of plaintext, RSA, and AES-encrypted communication, complicating detection efforts. The trojan can read everything displayed on the smartphone screen in real time, including sensitive messages and contacts. CISA also identified tactics used by cyber threat actors, such as phishing, zero-click exploits, and impersonation to gain unauthorized access to messaging apps. Users are advised to keep Google’s Play Protect activated, avoid unauthorized app stores, and be cautious with accessibility permissions to protect against these threats.

AppWizard

November 20, 2025

Smart Cleaner：Phone Clean Tool For Android

Smart Cleaner: Phone Clean Tool has a rating of 4.4 stars and over 100,000 downloads. It features unnecessary files cleanup, large file cleanup, duplicate photo removal, screenshot cleanup, device info check, and network usage monitoring. The app is free, compatible with various Android versions, and has a content rating of "Everyone." It requires specific permissions to function and adheres to Google's privacy policies. Developed by Darul Shukur, users can contact support via email at Zhangmaoyan@proton.me.