obfuscation Archives

Winsage

January 29, 2026

Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence

Praetorian Inc. has launched Swarmer, a tool that enables low-privilege attackers to maintain stealthy persistence in the Windows registry while avoiding detection by Endpoint Detection and Response (EDR) systems. Swarmer uses mandatory user profiles and the Offline Registry API to modify the NTUSER hive without triggering standard registry hooks. It operates by creating an NTUSER.MAN file that replaces the NTUSER.DAT hive upon user login, allowing low-privilege users to manipulate registry settings without alerting EDR tools. Swarmer employs functions from Microsoft’s Offline Registry Library, enabling it to perform operations without invoking Reg* API calls, thus evading detection mechanisms. Swarmer's workflow involves exporting the HKCU registry, modifying it, and executing the tool with specific commands to place the modified NTUSER.MAN file into the user profile. It can be used as an executable or a PowerShell module. While it presents a novel method for persistence, Swarmer has limitations, such as being unable to update without admin access and requiring user login to activate. Detection strategies include monitoring for NTUSER.MAN file creation and Offreg.dll usage in non-standard processes.

AppWizard

January 1, 2026

Minecraft’s 2025 end‑of‑year stats prove the game is still a global phenomenon with numbers most franchises can only dream of

Minecraft has continued to thrive for 15 years, with Mojang Studios sharing a retrospective of 2025 that includes impressive community statistics. Players logging into the Minecraft: Bedrock Edition dressing room can receive a free Inflatable Chicken Suit Character Creator item. The introduction of the copper golem mob resulted in nearly a billion of these creatures spawning, while over 270 million mounts were tamed, with players collectively traversing 335 billion blocks. However, saddles were crafted only 16 million times. Mojang hosted two Minecraft Live events in 2025, the first in March, which revealed the year's first three updates and announced a forthcoming Minecraft movie set for a sequel in 2027. The Spring to Life update enhanced Overworld diversity and quality-of-life improvements, followed by the Vibrant Visuals update for graphics upgrades and the Chase the Skies update for new ghostly mounts. The September event introduced The Copper Age update, and the year ended with the Mounts of Mayhem update, which added new mobs and a new weapon. Mojang also announced a collaboration with King to develop Minecraft Blast, a new mobile game. Changes for 2026 include the removal of code obfuscation for modders and a shift in version numbering.

AppWizard

December 12, 2025

Mounts of Mayhem released for Minecraft with new mobs, weapons and more

The latest major update for Minecraft, titled "Mounts of Mayhem," introduces several new features, including: - New mobs: Nautilus, Zombie Nautilus, Camel Husk, and Parched. - Nautilus Armor for player protection. - Introduction of Spear weapons for combat. - Natural spawning of Zombie Horses. - New graphical options: "Texture Filtering" and "Anisotropic Filtering." - Netherite Horse Armor can be obtained by upgrading Diamond Horse Armor using a Smithing Table. - Removal of obfuscation to enhance modding capabilities. - An experimental version of the update is available with manual installation steps. - A guide for playing Minecraft on Linux, SteamOS, or Steam Deck is available on GamingOnLinux. - Minecraft was released on November 8, 2011, and is available on various platforms, including native Linux.

Tech Optimizer

December 9, 2025

Warning! Engineered Linux Malware Can Bypass Next-Gen Anti-Virus Solutions – Open Source For You

The author created a custom reverse TCP payload using Python, packaged it into an .elf executable, and tested its stealthiness against antivirus software. The payload included functionalities such as webcam snapshots, keylogging, screen capture, and file transfers. Established tools for obfuscation often triggered antivirus alerts, prompting the author to develop a custom solution to avoid signature-based detection, maintain behavioral control, and gain insights into detection engines. The payload was designed to connect back to the attacker's machine and execute commands, while the listener processed incoming data. After compiling the binary, it was submitted to VirusTotal, where only four out of 64 antivirus engines flagged it, indicating that custom code can bypass many next-gen antivirus products.

AppWizard

December 8, 2025

Minecraft 1.21.11 Release Candidate 3

Release Candidate 3 for version 1.21.11 has been deployed, addressing three issues: 1. Fixed the incorrect rendering of transparent item models (MC-304790). 2. Ensured zombie nautiluses generated in ocean ruins now exhibit persistence (MC-304797). 3. Fixed a bug allowing zombies, skeletons, and zombie horses to catch fire from light sources in arid biomes (MC-304810). The Release Candidates are available for Minecraft: Java Edition, and players can install it by enabling snapshots in the Minecraft Launcher. A non-obfuscated experimental version is also accessible. An unobfuscated server jar is available for download. Players are encouraged to report any bugs or provide feedback.

AppWizard

December 5, 2025

Minecraft 1.21.11 Release Candidate 1

The Mounts of Mayhem drop is scheduled for release on December 9th, with the first Release Candidate shipped today. Enhancements to the Spear weapon include increased knockback duration during charging and refined charge attack animations. The Release Candidates for Minecraft: Java Edition are now accessible via the Minecraft Launcher, where players can enable snapshots. It is advised to back up data as testing versions may corrupt worlds. A non-obfuscated experimental version is also available, requiring players to download a zip file, unpack it, and create a new launch installation in the Launcher. An unobfuscated server jar is available for download, and players are encouraged to report bugs and provide feedback.

Tech Optimizer

December 3, 2025

Wacatac Trojan: What Is It And How To Remove It

The Wacatac Trojan is a type of malware first documented in January 2020, known for disguising itself as benign software to trick users into installation. It operates under various aliases, including Trojan:Script/Wacatac and Trojan:Win32/Wacatac, and can connect to Command-and-Control (C2) servers for remote manipulation. Its capabilities include stealing credentials, evading antivirus detection, creating or joining botnets, causing system damage, enabling spyware functions, acting as Remote Access Tools (RATs), and downloading additional malware. Symptoms of infection include sluggish performance, program failures, unexplained storage reductions, and unfamiliar processes. Wacatac spreads through unofficial software, malicious web pages, and phishing emails. Removal is best achieved using reputable antivirus software, while prevention involves avoiding questionable downloads, practicing good digital hygiene, keeping software updated, backing up data, and using quality antivirus solutions. False positives can occur, where legitimate programs are mistakenly flagged as Wacatac.

AppWizard

December 3, 2025

Minecraft is changing how it handles update version numbers — but what does that mean for us players?

Since the Tricky Trials update in June 2024, Minecraft has been at version 1.21, as Mojang Studios shifted to more frequent, smaller updates instead of large annual releases. Mojang is revamping its version numbering system to better reflect this new update cadence, with the latest game drop titled "The Copper Age" designated as version 1.21.9 for Java Edition and 1.21.110 for Bedrock Edition. The first snapshot for the upcoming Mounts of Mayhem update will be labeled as 25.4-snapshot-1. The familiar "Minecraft 1.x.x" format will be retired, with the Mounts of Mayhem update scheduled for release on December 9 and the first update of the new year recognized as Minecraft 26.1. Mojang has also pledged to eliminate code obfuscation from Minecraft: Java Edition to enhance the modding experience.

AppWizard

December 2, 2025

Escape From Tarkov player makes world-first escape from Tarkov

Tigz became the first player to successfully escape from Escape From Tarkov following its full release, a milestone confirmed by developer Battlestate Games on December 1, just over two weeks after the game’s launch. The recent major update introduced a non-linear story campaign and end-game content, contributing to a 90% review score. Tigz achieved his escape in two weeks after eight years of experience with the game, and while the details of his escape are not disclosed, it is noted to have a somber tone. Jake Tucker from PC Gamer commented on the new and exciting content in Tigz's video.

AppWizard

December 2, 2025

Android users warned to check phones now as Google bans apps

Recent findings have revealed that certain widely-used Android applications have been involved in an adware campaign, identified as 'GhostAd', which drains phone resources and disrupts normal usage. This malicious software disguised itself as utility and emoji-editing tools and infiltrated at least 15 applications, targeting unsuspecting users. Many of these compromised apps were available on Google’s Play Store, including the GenMoji Studio app, which became popular in the 'Top Free Tools' category. Users reported issues such as disappearing app icons, intrusive advertisement pop-ups, and sluggish device performance after installation. Google has removed all compromised applications from its Play Store, but users who installed them must manually delete the harmful software. Check Point noted that the GhostAd campaign blurs the line between marketing and malware, repurposing users' phones to generate revenue. To protect against future threats, users are advised to scrutinize app reviews, verify the app creator's reputation, and exercise caution with permissions.