Phishing Archives

Tech Optimizer

April 16, 2026

MiningDropper Android Malware Exploits Lumolight App

Researchers at Cyble Research and Intelligence Labs (CRIL) have discovered an Android malware framework called MiningDropper, which is being used in various campaigns to distribute malicious payloads such as cryptocurrency miners, infostealers, Remote Access Trojans (RATs), and banking malware. Over 1,500 MiningDropper samples were detected in one month, with many showing minimal antivirus detection. MiningDropper operates as a multi-stage delivery framework that employs techniques like XOR-based obfuscation and AES encryption to evade detection. A recent variant uses a trojanized version of the Lumolight application as the initial infection vector, often spread through phishing links and fraudulent websites. The malware executes a series of stages, starting with decrypting an embedded asset and loading additional payloads, including a counterfeit Google Play update interface to deceive users. Two main campaign clusters have been identified: an infostealer campaign targeting Indian users by impersonating trusted entities, and a global campaign distributing the BTMOB RAT, which enables credential theft and device takeover. The final payload capabilities include extracting sensitive data, enabling full device compromise, facilitating financial fraud, and unauthorized cryptocurrency mining. MiningDropper's modularity allows it to adapt and scale across various campaigns while maintaining low detection rates.

Tech Optimizer

April 16, 2026

Trend Micro Security Suite Pro Plus Review 2026: Is It The Best Protection?

The review of Trend Micro Security Suite Pro Plus highlights its features, pricing, and performance. The subscription costs A.95 for a 12-month period and includes multi-device antivirus protection, anti-scam software, a VPN, and identity theft protection. The pricing structure for other plans ranges from A.95 for Maximum Security to A9.95 for Security Suite Ultimate. Key features include AI-scam detection, gamer mode, and Folder Shield for ransomware protection. The installation process requires separate logins for each component, which is seen as outdated. The user interface is functional but minimalistic, and compatibility extends to Windows, MacOS, iOS, and Android. The VPN is developed in-house, and phishing protection is provided through a browser extension. Lab tests show mixed results, with Trend Micro performing well in real-time web threat protection but lagging in offline malware detection. Overall, it is considered a competitively priced option for online security.

Tech Optimizer

April 15, 2026

Malware Is Scary. Here’s CNET’s Guide to Cleaning an Infected Laptop

88% of U.S. adults with laptops have taken measures against potential malware in the past year. Among those who encountered malware, 60% manually deleted the file or closed the offending website, while 35% initiated an anti-malware scan. Recommended steps for responding to a malware infection include disconnecting the device from Wi-Fi, connecting to a guest network, using antivirus software to remove the threat, and performing a factory reset or wiping the hard drive if necessary. It is advised to run at least two different antivirus programs to ensure comprehensive protection and to avoid restoring data from backups that may harbor malware.

Winsage

April 15, 2026

Microsoft releases Windows 10 KB5082200 extended security update

Microsoft has released the Windows 10 KB5082200 extended security update, addressing vulnerabilities from the April 2026 Patch Tuesday, including two critical zero-day flaws. The update enhances security with new protections against phishing attacks using Remote Desktop Protocol (.rdp) files and provides updated indicators in Windows Security for new Secure Boot certificates. Users can install the update by checking for updates in the Windows Update settings. After installation, Windows 10 will upgrade to build 19045.7184, and Windows 10 Enterprise LTSC 2021 will transition to build 19044.7184. The update resolves a total of 167 vulnerabilities, including two significant zero-day issues, and includes fixes for signing into Microsoft apps, enhanced Remote Desktop security, dynamic Secure Boot status reporting, and issues affecting Intel-based devices with Connected Standby. Microsoft is also rolling out new Secure Boot certificates to replace older ones expiring in June 2026, with no known issues reported for this update.

Tech Optimizer

April 15, 2026

Avast Antivirus: Free Protection Faces Rising AI Threats in Cybersecurity Market

Avast Antivirus offers a robust free version with premium features, providing high-quality protection against cyber threats, including viruses, spyware, and ransomware. Key features include Smart Scan, Password Manager, and Network Inspector, which help users identify vulnerabilities and safeguard their data. Avast has a global user base of over 435 million and is particularly relevant in the U.S., where data breaches affect millions annually. The company operates under Gen Digital, which acquired Avast in 2022, leveraging a freemium model to attract users and upsell advanced features. Avast focuses on AI-driven threat detection and maintains a strong market position against competitors like Norton and McAfee. The global cybersecurity market has surpassed 0 billion, driven by increasing threats, and Avast counters these with machine learning capabilities. Risks for Avast include zero-day exploits, privacy concerns, and competition from built-in OS protections. Avast's cloud-based updates and multilingual support enhance its appeal, while its integration with smart home devices is planned for the future.

Winsage

April 15, 2026

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new security measures for Windows 10 and Windows 11 to protect against phishing attacks that exploit Remote Desktop Protocol (RDP) connection files. These updates, part of the April 2026 cumulative updates (KB5082200, KB5083769, and KB5082052), include a one-time educational prompt for users upon first opening an RDP file, requiring acknowledgment of the associated risks. Subsequent attempts to open RDP files will display a security dialog with information about the file's publisher, the remote system address, and local resource redirections, with options disabled by default. If an RDP file is unsigned, a warning will indicate an "Unknown remote connection." These protections apply only to connections initiated through RDP files, not through the Windows Remote Desktop client, and can be temporarily disabled via the Windows Registry.

Tech Optimizer

April 14, 2026

Fake Windows 11 24H2 Update Site Distributes Password-Stealing Malware

A recent discovery by Malwarebytes has identified a cyber threat involving a typosquatted domain that mimics official Microsoft support pages. This site uses authentic branding and KB-style reference numbers to deceive users into downloading what appears to be a legitimate cumulative update. The malware, once installed, operates stealthily, stealing passwords from browsers and active sessions, which allows attackers to bypass two-factor authentication. The stolen data is sent to external servers through encrypted channels. Initial scans showed zero detections by multiple antivirus engines due to the malware's obfuscated scripts. It also modifies system startup entries and creates disguised shortcuts for persistence. Microsoft has not yet released Windows 11 version 24H2 to general users, and updates should only be obtained through official channels to avoid potential threats.

Winsage

April 14, 2026

This fake Windows 11 24H2 update looks perfect, until it avoids antivirus and steals your passwords

Cybercriminals are using sophisticated tactics to deceive users, particularly with a counterfeit website posing as a legitimate Windows 11 update. This site operates under the domain microsoft-update[.]support and is designed to trick individuals into downloading malware that compromises sensitive information. The site is written in French and mimics a genuine cumulative update for Windows 11, version 24H2, featuring a convincing KB article number and a blue download button. The malware is packaged as a Windows update using the WiX Toolset 4.0.0.5512 and is labeled "WindowsUpdate 1.0.0.msi," with properties that suggest it is from Microsoft. At the time of analysis, VirusTotal showed no detections for the malware, which conceals its harmful code within an Electron shell, making it difficult to identify. Users are advised to download updates directly through the Windows Settings app or from Microsoft's official support hub.

Tech Optimizer

April 14, 2026

Norton (durch Symantec Übernahme teilweise verknüpft, aber Marke liegt bei Gen Digital. Broadcom i

Norton, owned by Gen Digital, provides antivirus software, VPN services, and identity theft monitoring to protect users from cyber threats such as malware and phishing attacks. The company emphasizes subscription-based revenue through Norton 360, which bundles various security features, ensuring predictable cash flow. Norton competes with other antivirus brands like McAfee and Bitdefender, maintaining a strong market share in North America due to its established brand trust. The demand for cybersecurity tools is driven by rising cyber threats, including ransomware attacks and increased remote work, which necessitate robust online protection. Gen Digital is investing in AI-driven threat detection and expanding its offerings to address evolving security needs. However, Norton faces challenges from free alternatives, potential privacy concerns, and macroeconomic pressures that could affect consumer spending on security products.

Winsage

April 13, 2026

Stealthy Malware Campaign Uses Fake Windows Update Site To Infect PCs

A new malware campaign targets Windows users by using a fraudulent clone of a Microsoft website to steal sensitive information. Victims are directed to a typo-squatted web address that resembles an official site, where they are prompted to download a file named WindowsUpdate 1.0.0.msi. This file uses a legitimate open-source installer framework and incorporates Electron, JavaScript, and Python, making it difficult to detect; VirusTotal showed zero detections across 69 engines. The malware maintains persistence by modifying the Windows registry and placing a shortcut named Spotify.lnk in the startup folder. Currently, the campaign primarily targets French-speaking users, but similar tactics may spread to other regions. Users are advised to apply updates only through the Windows Update feature in the Settings menu.