overlays Archives

AppWizard

February 28, 2026

Best Marathon settings for peak gaming PC performance

Bungie's multiplayer FPS, Marathon, is currently in an early Server Slam until March 2, with a full release on March 6. The game is designed to be accessible on mid-range PCs and does not require high-end GPU power. Initial settings for optimal performance include Vsync on, frame rate cap off, field of view at 90°, and high graphics quality. Players can expect an average frame rate of 84fps with 60fps for 1% lows. The game is not compatible with the Steam Deck due to BattleEye anti-cheat technology but runs smoothly on other Windows-based handheld devices. While an SSD is not required, it is recommended for better load times. Performance monitoring can be done via a built-in FPS counter or overlays from Nvidia and AMD.

Tech Optimizer

February 24, 2026

Fake Zoom meeting “update” silently installs surveillance software

A deceptive website, uswebzoomus[.]com/zoom/, poses as a Zoom meeting platform and installs surveillance software on Windows devices without user consent. The software is a covert version of Teramind, a commercial monitoring tool. The site creates a fake Zoom waiting room experience, complete with scripted participants and background audio, to trick users into downloading a malicious file named zoomagentx64s-i(_941afee582cc71135202939296679e229dd7cced) (1).msi. This file is preconfigured to connect to an attacker-controlled Teramind server and operates in stealth mode, leaving minimal traces on the device. The installation process collects information about the device and is designed to evade detection by security tools. If users suspect they have been affected, they are advised not to open the downloaded file, check for its installation, and change passwords from a clean device.

Tech Optimizer

February 22, 2026

Researchers Discover First Android Malware Using Generative AI for Persistence

Security researchers have identified a new Android Trojan named PromptSpy that uses generative AI technology to enhance its persistence on compromised devices. Discovered by ESET researchers, PromptSpy leverages Google's Gemini AI model to analyze infected device screens and generate tailored instructions for embedding itself within recent apps lists. It includes a Virtual Network Computing (VNC) module that allows attackers full remote control over the device, enabling activities such as viewing the screen, performing actions remotely, capturing lock screen data, blocking uninstallation attempts, gathering device information, taking screenshots, and recording screen activity as video. The malware communicates with command-and-control servers using AES encryption and exploits Android Accessibility Services, making it difficult to remove. PromptSpy is distributed through a dedicated website and is financially motivated, adapting to various Android interfaces and operating system versions. ESET's analysis indicates that the malware is regionally targeted, with a focus on Argentina, and may have been developed in a Chinese-speaking environment. The same threat actor is believed to be responsible for both VNCSpy and PromptSpy.

AppWizard

February 20, 2026

Dangerous Massiv Android malware poses as IPTV app to infect devices and steal banking info

Security researchers from ThreatFabric have identified a deceptive application named “Massiv,” which masquerades as a legitimate IPTV service but is actually a banking trojan designed to compromise users' financial security. The malware primarily targets users in Portugal, using tactics like screen overlays and keylogging to steal sensitive data. Many users download unofficial IPTV apps, which are often fraudulent and do not provide access to pirated broadcasts. The stolen information is exploited by cybercriminals to open fraudulent bank accounts and launder money, putting victims in precarious financial situations and posing risks to the integrity of financial systems.

AppWizard

February 20, 2026

Google cleans house, bans 80,000 developer accounts from the Play Store

Google blocked the publication of over 1.75 million policy-violating applications on its Google Play platform in 2025 and took action against over 80,000 developer accounts attempting to introduce harmful apps. The company conducted more than 10,000 safety checks on every app and integrated generative AI models into its app review process, preventing over 255,000 apps from gaining excessive access to sensitive user data. Google blocked 160 million fake or manipulated ratings and reviews in the previous year and identified more than 27 million new malicious apps from outside Google Play, thwarting 266 million risky installation attempts in 2025. Google introduced in-call scam protection to prevent users from disabling Google Play Protect during phone calls. The Play Policy Insights tool provides developers with real-time feedback, and the Play Integrity API performs over 20 billion daily checks to prevent abuse. Google plans to extend developer verification to all developers and has implemented protections for sensitive data in Android 16.

AppWizard

February 19, 2026

PromptSpy Android Malware Abuses Google Gemini to Automate Recent-Apps Persistence

Cybersecurity researchers have identified a new Android malware named PromptSpy that utilizes Google's Gemini AI chatbot to enhance its capabilities and persistence on infected devices. PromptSpy can capture lockscreen data, obstruct uninstallation, gather device information, take screenshots, and record screen activity. It integrates Gemini to analyze the current screen and provide instructions to keep the malware active in the recent apps list. The malware uses a hard-coded AI model and communicates with a command-and-control server via the VNC protocol, allowing remote access to the victim's device. It is financially motivated, targeting users in Argentina, and was developed in a Chinese-speaking environment. PromptSpy is distributed through a dedicated website and is considered an advanced version of a previously unidentified malware called VNCSpy.

AppWizard

February 19, 2026

New ‘Massiv’ Android banking malware poses as an IPTV app

A new strain of Android banking malware called Massiv is disguised as an IPTV application to steal digital identities and access online banking accounts. It uses screen overlays and keylogging techniques to capture sensitive information and can take remote control of compromised devices. Massiv has been observed targeting a Portuguese government application related to Chave Móvel Digital, which contains user data that could bypass know-your-customer (KYC) verifications. The malware allows fraudsters to open accounts in the victim's name at new banks and services, enabling money laundering and loan acquisition. Massiv features two remote control modes: a screen live-streaming mode and a UI-tree mode that extracts structured data from the Accessibility Service. There has been an increase in the use of IPTV applications as bait for Android malware infections, with many of these apps serving as droppers for the malware. The fake IPTV apps primarily target users in Spain, Portugal, France, and Turkey. Users are advised to download applications only from reputable sources and keep security measures active.

AppWizard

February 19, 2026

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Cybersecurity researchers have identified a new Android trojan named Massiv, designed for device takeover attacks targeting financial theft. It disguises itself as IPTV applications and poses risks to mobile banking users by allowing operators to remotely control infected devices for fraudulent transactions. The malware was first detected in campaigns targeting users in Portugal and Greece, with features including screen streaming, keylogging, SMS interception, and fake overlays for credential theft. One campaign specifically targeted the gov.pt application to deceive users into providing sensitive information. Massiv can execute various malicious actions, such as altering device settings, sending device information, and downloading malicious files. It is distributed through dropper applications that mimic IPTV services, often via SMS phishing. The malware operates in the background while the dropper appears as a legitimate app. Recent campaigns have focused on regions like Spain, Portugal, France, and Turkey, indicating a growing threat landscape. The operators of Massiv are developing it further, suggesting intentions to offer it as a Malware-as-a-Service.

AppWizard

February 19, 2026

Massiv: When your IPTV app terminates your savings

Massiv is an Android banking Trojan that disguises itself as legitimate applications, primarily targeting users in southern Europe. It is distributed through side-loading and is capable of remote control over infected devices, enabling Device Takeover attacks that can lead to unauthorized banking transactions. Massiv often masquerades as IPTV applications to attract users seeking online television services. The malware employs overlay functionality to create deceptive screens, keylogging to capture sensitive information, and SMS/Push message interception. It can monitor applications on infected devices and present fake overlays to prompt users for sensitive data. Notably, it has targeted the Portuguese government application gov.pt and connects with Chave Móvel Digital, a digital authentication system, to access victims' banking accounts. Once it captures sensitive data, Massiv allows operators remote access to the device using Android’s AccessibilityService, facilitating real-time observation and manipulation of the user interface. It communicates over a WebSocket channel and supports screen streaming and UI-tree modes for enhanced control. Massiv's distribution includes malware droppers that initially do not contain malicious code but open a WebView to an IPTV website while the actual malware operates in the background. This tactic has increased in recent months, particularly in Spain, Portugal, France, and Turkey. Indicators of compromise include specific SHA-256 hashes and package names associated with the malware. The bot commands allow operators to perform various actions on the infected device, such as clicking coordinates, installing APKs, and showing overlays.

AppWizard

December 31, 2025

Google Revamps Gemini AI Android App with Dynamic Floating Input Bar

Google is refining the user experience of its Gemini app on Android devices by transitioning from a static prompt bar to a fluid, floating pill-shaped design. This update is currently available in beta versions and aims to address user feedback regarding visual clutter. The new design condenses input options into a sleek bar that expands when the keyboard is activated, hiding some tools behind a ‘+’ menu to streamline interactions. The redesign reflects Google’s commitment to making AI interactions more intuitive and aligns with broader trends in minimalism among AI interfaces. Additionally, the update could influence third-party integrations and may be part of a strategy to fully replace Google Assistant with Gemini by 2026. User reactions to the redesign are mixed, with some expressing excitement over the modern look while others are concerned about hidden features complicating usability.