permissions

Winsage
April 28, 2026
Microsoft is facing a significant privilege-escalation vulnerability in its Windows operating system, known as PhantomRPC. Cybersecurity experts have expressed concern over the company's delayed response in issuing a patch for this flaw. The vulnerability resides within the Windows Remote Procedure Call (RPC) architecture and enables processes with impersonation privileges to elevate their permissions to SYSTEM level. Researcher Haidar Kabibo identified five distinct paths for exploitation, which require user interaction, coercion, or compromise of background services. Although the vulnerability was disclosed to Microsoft in September 2025, the company categorized it as moderately severe and did not issue a patch or a Common Vulnerabilities and Exposures (CVE) listing. Microsoft stated that the technique requires an already-compromised machine and emphasized the importance of following security best practices. Experts have criticized Microsoft's lack of action, arguing that it is operationally negligent and places the burden of risk management on users. In the absence of a patch, security professionals recommend focusing on access control and environmental hygiene to mitigate the risks associated with the vulnerability.
Winsage
April 28, 2026
Windows 11 does not have a built-in option to record internal audio directly from PC speakers. The Stereo Mix feature, which allowed easy recording of audio output, has been phased out on many modern devices. Microsoft's Voice Recorder app only captures microphone audio. Audacity, a free and open-source audio editor, can be used to record internal audio by configuring it to use the Windows WASAPI audio API with a loopback function. This method captures the digital audio stream without quality loss. To record internal audio with Audacity, users need to download and install the software, set the audio host to Windows WASAPI, select the appropriate loopback device, set recording channels to stereo, and then hit record while playing the desired audio. The recorded audio can be exported in various formats such as WAV, MP3, or FLAC. If the WASAPI loopback does not work, users can try enabling Stereo Mix if available or using a virtual audio cable like VB-CABLE. Tips for cleaner recordings include setting the project rate to 44100 Hz or 48000 Hz, disabling audio enhancements, and closing distracting applications. Common issues include no audio recorded, loopback devices not showing up, distorted sound, low volume, and microphone access denial, which can usually be resolved through settings adjustments or driver updates.
AppWizard
April 23, 2026
Security researchers have found that the Binance Android app includes SDKs from ByteDance and Tencent, along with 13 additional third-party trackers. This raises privacy concerns for users, as the TikTok SDK collects device fingerprints, behavioral signals, and potentially clipboard data, while the WeChat SDK adds functionalities not necessary for a financial trading platform. The incorporation of these SDKs could expose sensitive financial information. Under EU GDPR and FTC regulations, undisclosed telemetry in financial apps may be considered deceptive trade practices, potentially leading to regulatory repercussions for Binance. Users are advised to revoke permissions from the app or switch to the browser-based platform. The situation could prompt regulatory scrutiny and audits of cryptocurrency asset management apps.
AppWizard
April 22, 2026
Samsung plans to retire its proprietary messaging app by July 2026, leading many Android users to rely on Google Messages. Major carriers like AT&T have stopped supporting their own messaging apps, potentially creating a monopoly. Alternative SMS-enabled apps include:
- Pulse SMS: Syncs across devices, offers password-protected cloud backups, and has end-to-end encryption for stored conversations. It has a 3.6-star rating on Google Play.
- Chomp SMS: Highly customizable with features like scheduled messages and block lists. It remains free with ads, but some users find the customization options complex.
- Handcent Next SMS: Incorporates AI for features like text extraction and grammar checks. It has over one million downloads and a 4.4-star rating, but requests a high number of permissions.
- Textra SMS: Offers faster performance and extensive customization, aiming to replace default messaging apps. It follows a "free forever" model but lacks cross-device functionality and encryption.
The selection of these alternatives was based on Google Play ratings above 3.5 stars, a minimum of 50,000 user reviews, and recent updates.
AppWizard
April 21, 2026
A new variant of the NGate malware family has emerged, using a trojanized Android application to capture payment card data and personal identification numbers (PINs). This modified version of HandyPay, a legitimate NFC relay app, has been distributed since November 2025, primarily targeting users in Brazil. The malware intercepts NFC payment card data and allows fraudulent transactions. Two distinct malware samples have been observed, delivered through phishing infrastructure that impersonates a Brazilian lottery site and a Google Play listing for a card protection tool. The trojanized app captures NFC data, requests the victim's card PIN, and transmits this information to attacker-controlled infrastructure. It requires minimal permissions, leveraging its role as the default payment application to evade detection. Evidence suggests that generative AI tools may have been used in its development, indicated by emoji markers in debug logs. ESET has reported its findings to Google, and Google Play Protect can detect known versions of the malware. The developer of HandyPay is investigating the misuse of its application.