North Korean hackers targeted ethnic Koreans in China with BirdCall, malware disguised as a popular Android mobile game, allowing them to steal personal data from victims.
ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.
Bitdefender Mobile Security is currently regarded as the best mobile antivirus software, achieving a 100% detection rate for malware on Android devices according to AV-TEST's August 2025 report. The 2026 version introduces App Anomaly Detection and includes features like Scam Alert and anti-theft tools. Sophos Intercept X for Mobile offers a free version with a perfect score in AV-TEST's comparisons and features such as multi-factor authentication and a Privacy Advisor. Surfshark Antivirus, part of the Surfshark One package, scored six out of six in AV-TEST's evaluations and includes various security tools, but is only available for Android, macOS, and Windows. Avast Mobile Security is a popular free option with robust features and achieved perfect scores in protection and usability in AV-TEST's September-October 2025 report. AVG Antivirus, operating on the same engine as Avast, also detected 100% of malware in AV-TEST's March-April 2025 evaluations and includes anti-theft tools.
Securing all devices with antivirus protection is essential, and while free options can provide adequate defense, Microsoft claims that Microsoft Defender Antivirus is sufficient as the sole line of defense for Windows. Microsoft Defender has evolved since its inception in 1993, but historically it struggled against independent antivirus solutions. Microsoft argues that its telemetry is a better measure of effectiveness than lab scores, highlighting Defender's capabilities against running files, unsafe links, and unauthorized changes. However, it acknowledges that users with multiple devices may need third-party solutions, as Defender does not support non-Windows devices. Defender's phishing protection is limited to the Edge browser, and it lacks many features standard in other free antivirus solutions, such as dark web monitoring and VPN protection. Additionally, it does not utilize Windows Copilot for scam detection, leaving users vulnerable. Its user interface is also considered less intuitive compared to competitors. While Defender offers basic protection, it is not comprehensive enough for most users, who may benefit from exploring third-party antivirus options for enhanced security.
Surfshark One+ with Incogni is a comprehensive online privacy solution that combines a VPN, antivirus protection, and personal data removal services. The two-year plan is currently priced at .99, reduced from its regular price of 9.40. The Surfshark component includes a VPN, real-time antivirus protection, and Surfshark Alert for data breach notifications, while Incogni handles the removal of personal information from over 420 data brokers. Incogni has processed over 245 million removal requests, verified by Deloitte, and offers identity theft coverage of up to million. The service supports up to five devices and is compatible with various operating systems.
Microsoft Defender Antivirus, originally launched in 1993 as Microsoft Anti-Virus for MS-DOS, has evolved over the years but historically struggled with effective malware protection. Recent improvements have led to better performance in independent lab tests. Microsoft claims that Defender's built-in capabilities are sufficient for protection against various threats, but it acknowledges that third-party antivirus solutions may be necessary for users with multiple devices. Defender's phishing protection is limited to the Edge browser, and it lacks many features found in competing antivirus products, such as advanced scam protection and a user-friendly interface. While Defender offers basic protection, it may not meet the needs of most users in today's digital landscape.
Relying on a single Google account for access to various services poses significant vulnerabilities, including the risk of account lockout due to forgotten credentials, phishing attacks, or arbitrary bans. This centralized approach can lead to loss of access to critical data and services. Sophisticated phishing techniques, such as Adversary-in-the-Middle (AiTM) attacks, can compromise account security by mimicking legitimate login screens. Additionally, linking multiple services through a Google account contributes to a comprehensive digital footprint that Google can analyze, raising privacy concerns. To enhance digital security, users are advised to create standalone accounts for various services and utilize password managers like KeePass, Bitwarden, and 1Password to maintain unique credentials.
Meta AI has been integrated into Facebook, Instagram, WhatsApp, and Messenger, enhancing user experiences with features like search functionalities, chat interactions, and content generation. Users express a desire to limit their interactions with Meta AI due to concerns about transparency, privacy, and data security. The AI model is trained on diverse data sources, including public posts and user interactions, raising issues regarding data control. On WhatsApp, personal messages and calls are end-to-end encrypted, while Instagram may share past messages with Meta AI for context. Security vulnerabilities have been reported, including incidents of data mishandling. Currently, there is no comprehensive option to disable Meta AI across all platforms, but users can take steps to limit interactions, such as muting AI prompts and adjusting privacy settings. Users in the E.U. and U.K. can object to certain data uses under GDPR by submitting requests through their Meta accounts. To protect privacy, users are advised to opt out of AI training, limit personal data sharing, and use privacy tools like VPNs.
On April 26, hackers allegedly linked to Russian groups targeted the Signal messaging app with phishing attacks aimed at senior politicians. These attacks did not compromise Signal's end-to-end encryption; rather, they deceived users into providing access to their accounts through fake messages. Signal is operated by the non-profit Signal Foundation, founded in 2012 by Moxie Marlinspike with funding from Brian Acton, a co-founder of WhatsApp. Signal distinguishes itself by rendering metadata invisible to its operators, unlike WhatsApp, which shares user data with its parent company. Signal's president, Meredith Whittaker, advocates for data privacy.
Reports from Washington, DC, have raised concerns among Messenger app users regarding the future of the app and user data. Clarifications indicate that there is no complete shutdown planned for the app, but potential updates or modifications to services and features may occur. The parent company routinely implements updates, which may include removing outdated features or integrating services into other applications. User conversations are not being abruptly deleted; they remain securely stored in line with the company's storage policies, and users can access their data as long as their accounts are active. Experts advise users to stay informed through official updates and to be cautious of rumors on social media regarding privacy and data security.