persistence

Winsage
March 17, 2026
The March 2026 Windows 11 update (KB5079473) has caused significant issues for users, including inaccessible C: drives, system crashes, and freezing. Reports indicate that Samsung Galaxy Book device owners are particularly affected, with complete blockage of access to the C: drive. Microsoft acknowledges the "C: is not accessible - Access denied" issue, linking it to the Samsung Galaxy Connect application, and is working on a resolution. The affected devices include various models of the Samsung Galaxy Book 4 and certain Samsung Desktop models running Windows 11 versions 24H2 and 25H2. While Microsoft claims only Samsung users are impacted, it is unclear if other manufacturers are experiencing similar problems. The update has raised concerns about the quality assurance processes prior to releases.
Winsage
March 14, 2026
Windows Insider Preview Build 29550.1000 has been released to the Windows 11 Insider Canary Channel. New features include:
- Emoji 16.0 release with a curated set of new emojis.
- Camera settings now allow control of pan and tilt for supported cameras.
- Global power settings changes apply to all power plans.
- Voice typing can be used when renaming files in File Explorer.
- Improved performance and reliability in the Settings app and nearby sharing for larger files.
Users are reminded that these builds can be unstable and may have limited documentation. Features may change or be removed and may not be released beyond Windows Insiders. A clean install is required to leave the Canary Channel.
AppWizard
March 13, 2026
The pre-release for version 26.1 has been shipped, featuring technical adjustments and fixes related to the Tiny Takeover game. Key changes include:
- Adjusted dismount speed thresholds for Spears.
- Fixed animation issues for the Baby Axolotl's hind leg.
- Scaled the Baby Cat to match the Baby Ocelot's size.
- Corrected the scaling of the Baby Horse model.
New UI enhancements include an "Exclusive Fullscreen" display option, which requires a game restart to take effect and may limit certain input methods. Trade adjustments now ensure the Master Librarian offers three trades, including an enchanted book trade during the Rebalance experiment. Technical changes include the discarding of text components nested more than 16 times in server status messages. Fixed bugs in this pre-release include issues with despawning trader llamas, skeletons, cats, hoglins, zoglins, dolphins, squids, and various other gameplay and UI bugs. Players can access the pre-release through the Minecraft Launcher by enabling snapshots, but should back up their data as testing versions may corrupt worlds.
AppWizard
March 12, 2026
Cybersecurity researchers have identified six new families of Android malware designed to extract sensitive data and facilitate financial fraud. Notable threats include:
- PixRevolution: Targets Brazil's Pix payment platform, activates during Pix transfers, and uses real-time monitoring to intervene in transactions. Victims are tricked into installing malicious apps from counterfeit Google Play Store listings, which enable accessibility services for the malware to capture screens and overlay fake interfaces to reroute funds.
- BeatBanker: Spreads through phishing attacks disguised as legitimate Google Play Store pages. It uses an inaudible audio loop for persistence, functions as a banking trojan, and includes a cryptocurrency miner. It creates deceptive overlays for platforms like Binance and Trust Wallet to divert funds and can monitor web browsers and execute remote commands.
- TaxiSpy RAT: Exploits accessibility services to gather sensitive information such as SMS messages and call logs, targeting banking and cryptocurrency applications with overlays for credential theft. It employs advanced evasion techniques like native library encryption and real-time remote control.
- Mirax: A private malware-as-a-service (MaaS) offering with a subscription model that provides tools for banking overlays and information gathering, including keystrokes and SMS.
- Oblivion: Another Android RAT available at a competitive price, featuring capabilities to bypass security measures on various devices.
- SURXRAT: Distributed through a Telegram-based MaaS ecosystem, it uses accessibility permissions for persistent control and communicates with a Firebase-based command-and-control infrastructure. Some samples incorporate a large language model component, indicating experimentation with AI by threat actors.
AppWizard
March 11, 2026
A newly identified Android malware called BeatBanker disguises itself as a Starlink application on fake Google Play Store websites. It functions as a banking trojan and includes Monero mining capabilities, allowing it to steal credentials and manipulate cryptocurrency transactions. Researchers at Kaspersky traced BeatBanker to campaigns targeting users in Brazil. The latest version uses the BTMOB RAT for remote access, enabling keylogging, screen recording, camera access, GPS tracking, and credential capture. BeatBanker is distributed as an APK file that decrypts and loads hidden code into memory, conducting environment checks before activation. It presents a fake Play Store update screen to trick users into granting permissions for additional payloads. To avoid detection, it delays malicious operations and plays a nearly inaudible MP3 file to maintain persistent activity. The malware uses a modified version of the XMRig miner to mine Monero on Android devices, connecting to mining pools through encrypted TLS connections. It can start or stop mining based on device conditions and uses Firebase Cloud Messaging to relay device information to its command-and-control server. Currently, BeatBanker infections have only been observed in Brazil, but there are concerns about its potential spread. Users are advised to avoid side-loading APKs from untrusted sources and to review app permissions regularly.
AppWizard
March 6, 2026
Google is testing various AI models for Android app development through a new platform called “Android Bench,” which evaluates the performance of leading large language models (LLMs) against benchmarks specific to Android development. The benchmarks assess capabilities in areas such as Jetpack Compose, asynchronous programming, data persistence, dependency injection, navigation migrations, Gradle/build configurations, and interaction with Android components. Google has identified Gemini 3.1 Pro Preview as the top-performing model with a score of 72.4%, followed by Claude Opus 4.6 at 66.6% and OpenAI’s GPT 5.2 Codex at 62.5%. Gemini 2.5 Flash scored the lowest at 16.1%.
AppWizard
March 4, 2026
Esoteric Ebb is a role-playing game inspired by Disco Elysium, focusing on exploration rather than combat, and features a narrative rich in literary and political themes. The game blends narrative depth with mechanics similar to Dungeons & Dragons.
- Price: £21
- Release Date: March 3, 2026
- Developer: Christoffer Bodegård
- Publisher: Raw Fury
- Reviewed on: Steam Deck, Windows 11 (Core i5 12600K, RX 9070 XT, 32GB RAM)
- Steam Deck: Verified
- Official site link available
Gameplay includes strategic challenges, such as an early ambush by an assassin where players can use spells creatively. Some minor complaints include a cluttered user interface on the Steam Deck, cumbersome inventory management, typographic errors, and occasional UI glitches. There are also reports of bugged feats affecting gameplay. Despite these issues, the game is considered compelling for RPG enthusiasts and offers good value for its price.
Winsage
March 4, 2026
A proof-of-concept exploit for CVE-2026-20817, a local privilege escalation vulnerability in the Windows Error Reporting (WER) service, has been released by security researcher oxfemale on GitHub. This vulnerability allows low-privileged users to gain SYSTEM-level access through crafted Advanced Local Procedure Call (ALPC) messages. The flaw is located in the WER service's SvcElevatedLaunch method, which fails to validate caller privileges before executing WerFault.exe with user-supplied command line parameters. The CVSS v3.1 base score for this vulnerability is 7.8, indicating a high severity level. It affects unpatched versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 prior to the January 2026 update. Demonstrations have shown successful exploitation on Windows 11 23H2. Security teams are advised to monitor for unusual processes related to WerFault.exe, investigate missing SeTcbPrivilege in SYSTEM tokens, and review WER-related activities from low-privilege users. Immediate application of the January 2026 security patches is recommended, and a temporary workaround involves disabling the WER service.