operators Archives

AppWizard

March 4, 2026

Meet Vera Report, The App That Lets You Whistleblow Anonymously From a Smartphone Using Telegram Messenger

AlphaTON Capital Corp. and the Midnight Foundation have launched Vera Report, an anonymous reporting platform utilizing privacy-preserving blockchain technology and confidential computing for real-time reporting of fraud, waste, and abuse. A report by the Government Blockchain Association reveals an annual loss of billion to trillion due to federal fraud in the U.S. and highlights that whistleblower cases have recovered .3 billion under the DOJ’s False Claims Act in FY 2025. Despite potential savings of 0 billion from a 20% reduction in fraud, 31% of employees fear retaliation for reporting. Vera Report allows users to report fraud anonymously through a Telegram application, employing Zero-Knowledge Proofs, Confidential Computing, Blockchain Verification, Decentralized Storage, Automatic Metadata Stripping, and AI Credibility Assessment to protect submitters’ identities and improve reporting efficiency.

AppWizard

March 3, 2026

With developer verification, Google’s Apple envy threatens to dismantle Android’s open legacy

The F-Droid team published an open letter to Google, supported by 35 organizations, expressing concerns about Google's changes to the Android ecosystem. Many Android users rely on Google for app installations, facing challenges when trying to use alternative app stores or open-source apps without verification. Some developers are shifting to progressive web apps instead of Android. Alternatives to Google's verification system include non-certified Android devices and privacy-focused ROMs like LineageOS or GrapheneOS, but these options come with security vulnerabilities and installation difficulties for most users. Telecom companies impose restrictions on devices to ensure they work on their networks, leading to a reliance on stock software and security updates from Google and manufacturers.

Winsage

March 2, 2026

Fake Xeno and Roblox Utilities Used to Install Windows RAT, Microsoft Warns

Cybersecurity experts at Microsoft Threat Intelligence have identified a trend where attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. These trojanized executables, such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader, installing a portable Java runtime environment and launching a harmful Java archive, jd-gui.jar. Attackers use built-in Windows tools to execute commands via PowerShell and exploit trusted system binaries, minimizing detection risk. The embedded PowerShell script connects to remote locations, downloads an executable as update.exe, and executes it. The malware erases evidence of the downloader and modifies Microsoft Defender settings to allow RAT components to function undetected. It establishes persistence through scheduled tasks and a startup script named world.vbs, enabling prolonged access to the compromised device. Microsoft Defender can detect the malware and its behaviors, and organizations are advised to monitor outbound traffic and block identified domains and IP addresses. Users are encouraged to scrutinize Microsoft Defender exclusions and scheduled tasks for irregularities and remain cautious about downloading tools from unofficial sources.

Tech Optimizer

February 27, 2026

Fake Avast Website Steals Users’ Credit Card Information

A phishing scam is targeting French-speaking users in Europe by impersonating Avast antivirus software. Victims are lured to a fraudulent website that mimics Avast's official portal, where they are tricked into providing credit card details due to a fabricated €499.99 charge and promises of a refund. The scam uses realistic branding, dynamic JavaScript for urgency, and live chat features to collect personal information. Users are asked to select refund reasons and submit their personal details, after which they are prompted for credit card information. The scam employs the Luhn algorithm to validate card numbers and displays a fake confirmation message after data submission. Key red flags include dynamic dates, tight deadlines, requests for full card re-entry, and suspicious live chat interactions. Avast has warned users about these scams and encourages reporting to authorities.

AppWizard

February 19, 2026

New ‘Massiv’ Android banking malware poses as an IPTV app

A new strain of Android banking malware called Massiv is disguised as an IPTV application to steal digital identities and access online banking accounts. It uses screen overlays and keylogging techniques to capture sensitive information and can take remote control of compromised devices. Massiv has been observed targeting a Portuguese government application related to Chave Móvel Digital, which contains user data that could bypass know-your-customer (KYC) verifications. The malware allows fraudsters to open accounts in the victim's name at new banks and services, enabling money laundering and loan acquisition. Massiv features two remote control modes: a screen live-streaming mode and a UI-tree mode that extracts structured data from the Accessibility Service. There has been an increase in the use of IPTV applications as bait for Android malware infections, with many of these apps serving as droppers for the malware. The fake IPTV apps primarily target users in Spain, Portugal, France, and Turkey. Users are advised to download applications only from reputable sources and keep security measures active.

AppWizard

February 19, 2026

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Cybersecurity researchers have identified a new Android trojan named Massiv, designed for device takeover attacks targeting financial theft. It disguises itself as IPTV applications and poses risks to mobile banking users by allowing operators to remotely control infected devices for fraudulent transactions. The malware was first detected in campaigns targeting users in Portugal and Greece, with features including screen streaming, keylogging, SMS interception, and fake overlays for credential theft. One campaign specifically targeted the gov.pt application to deceive users into providing sensitive information. Massiv can execute various malicious actions, such as altering device settings, sending device information, and downloading malicious files. It is distributed through dropper applications that mimic IPTV services, often via SMS phishing. The malware operates in the background while the dropper appears as a legitimate app. Recent campaigns have focused on regions like Spain, Portugal, France, and Turkey, indicating a growing threat landscape. The operators of Massiv are developing it further, suggesting intentions to offer it as a Malware-as-a-Service.

AppWizard

February 19, 2026

Massiv: When your IPTV app terminates your savings

Massiv is an Android banking Trojan that disguises itself as legitimate applications, primarily targeting users in southern Europe. It is distributed through side-loading and is capable of remote control over infected devices, enabling Device Takeover attacks that can lead to unauthorized banking transactions. Massiv often masquerades as IPTV applications to attract users seeking online television services. The malware employs overlay functionality to create deceptive screens, keylogging to capture sensitive information, and SMS/Push message interception. It can monitor applications on infected devices and present fake overlays to prompt users for sensitive data. Notably, it has targeted the Portuguese government application gov.pt and connects with Chave Móvel Digital, a digital authentication system, to access victims' banking accounts. Once it captures sensitive data, Massiv allows operators remote access to the device using Android’s AccessibilityService, facilitating real-time observation and manipulation of the user interface. It communicates over a WebSocket channel and supports screen streaming and UI-tree modes for enhanced control. Massiv's distribution includes malware droppers that initially do not contain malicious code but open a WebView to an IPTV website while the actual malware operates in the background. This tactic has increased in recent months, particularly in Spain, Portugal, France, and Turkey. Indicators of compromise include specific SHA-256 hashes and package names associated with the malware. The bot commands allow operators to perform various actions on the infected device, such as clicking coordinates, installing APKs, and showing overlays.

AppWizard

February 18, 2026

Minecraft 26.1 Snapshot 8

Players can expect the introduction of the final baby mobs, including visual updates for pandas, hoglins, zoglins, striders, and snifflets. The Stonecutter now allows crafting of Deepslate and stone into various cobbled variants. Adult horses have updated black dot markings, and sound assets for adult variants have been enhanced. A bug related to cat variant sounds has been fixed. Hitboxes for several mobs have been adjusted to fit into smaller spaces. Operators can use Ctrl + Pick input on players and mannequins in Creative Mode. Input Method Editors will now appear above the text field in supported platforms. A new debug screen entry for memory usage has been added, and the initial heap size has been decreased to 2GB to reduce crashes. The Data Pack version is updated to 99.2, and the Resource Pack version is at 81.1. New UI sprites and entity textures for various baby mobs have been introduced. Several bugs have been fixed in the snapshot.

AppWizard

February 17, 2026

New Keenadu backdoor found in Android firmware, Google Play apps

A sophisticated Android malware named Keenadu has been discovered embedded in the firmware of various device brands, compromising all installed applications and granting unrestricted control over infected devices. It employs multiple distribution methods, including compromised firmware images delivered over-the-air, access via backdoors, embedding in system applications, modified applications from unofficial channels, and infiltration through apps on Google Play. As of February 2026, Keenadu has been confirmed on approximately 13,000 devices, primarily in Russia, Japan, Germany, Brazil, and the Netherlands. The firmware-integrated variant remains dormant if the device's language or timezone is associated with China and ceases to function without the Google Play Store and Play Services. While currently focused on ad fraud, Keenadu has extensive capabilities for data theft and risky actions on compromised devices. A variant embedded in system applications has limited functionality but elevated privileges to install apps without user notification. The malware has been detected in the firmware of Android tablets from various manufacturers, including the Alldocube iPlay 50 mini Pro. Kaspersky has detailed how Keenadu compromises the libandroid_runtime.so component, making it difficult to remove with standard Android OS tools. Users are advised to seek clean firmware versions or consider replacing compromised devices with products from trusted vendors.

TrendTechie

February 14, 2026

Anna’s Archive начала выкладывать записи Spotify

The administrators of Anna’s Archive have released 6.4 terabytes of music, allegedly sourced from Spotify, despite facing legal challenges. The release includes over 2.8 million audio files distributed across 47 torrents. A Reddit user confirmed that the hash of some downloaded files matches the published metadata. The torrents contain music files with embedded media information and metadata, primarily featuring lesser-known tracks tagged as “pop_0.” This release is part of a claimed total of 300 terabytes of data encompassing 86 million listens on Spotify. Spotify has blocked unauthorized accounts involved in illegal data collection and filed a trillion-dollar lawsuit against the library's operators. The shadow library has temporarily removed its section for downloading Spotify content. Storing the entire music archive would require at least 50 hard drives, each costing around 0.