Phishing Archives

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

Winsage

March 1, 2026

Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery

Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.

Tech Optimizer

February 27, 2026

Fake Avast Website Steals Users’ Credit Card Information

A phishing scam is targeting French-speaking users in Europe by impersonating Avast antivirus software. Victims are lured to a fraudulent website that mimics Avast's official portal, where they are tricked into providing credit card details due to a fabricated €499.99 charge and promises of a refund. The scam uses realistic branding, dynamic JavaScript for urgency, and live chat features to collect personal information. Users are asked to select refund reasons and submit their personal details, after which they are prompted for credit card information. The scam employs the Luhn algorithm to validate card numbers and displays a fake confirmation message after data submission. Key red flags include dynamic dates, tight deadlines, requests for full card re-entry, and suspicious live chat interactions. Avast has warned users about these scams and encourages reporting to authorities.

Tech Optimizer

February 26, 2026

Avast Antivirus Just Got Smarter: Is It Finally Worth Your Money?

Avast Antivirus has introduced advanced AI tools, enhanced browser protection, and new privacy features in the U.S. market. It offers real-time malware protection, phishing shields, and Wi-Fi scanning. Avast's product lineup includes a free version, a premium security plan, and Avast One, catering to different user needs. Independent lab tests show Avast ranks highly in malware blocking, competing with brands like Bitdefender and Kaspersky. However, users should be cautious of upselling practices and data collection concerns. The free version provides strong protection, while paid plans offer additional features like VPN and advanced ransomware protection. Avast is accessible on various platforms, and pricing fluctuates due to promotions. Users are advised to assess their needs and be mindful of renewal rates before subscribing.

Tech Optimizer

February 25, 2026

Effective ways to prevent the download of malicious code

Malware is malicious software designed to disrupt normal system operations, often infiltrating devices through activities like web browsing or opening documents. In 2023, SonicWall Capture Labs reported over 6 billion malware attacks, an 11% increase from the previous year. Common types of malware include viruses, worms, Trojans, spyware, adware, ransomware, fileless malware, and bots. Malware spreads through email attachments, phishing links, compromised websites, fake apps, and removable media. Its effects can include performance issues, data theft, and financial damage. Signs of malware presence include sluggish performance, unexpected crashes, and unauthorized changes. Recommended actions if malware is suspected include disconnecting the device, running a malware scan, and changing passwords. Preventative measures include using security software, practicing safe browsing, keeping software updated, and building security awareness.

Tech Optimizer

February 24, 2026

Hackers Are Using Fake Invitations to Take Over Your PC

Cybercriminals are sending counterfeit email invitations that, when clicked, install a backdoor on the victim's computer, allowing hackers full control. The scam often involves downloading a file named “invites.msi,” which is a Windows Installer package. This file can install ScreenConnect, a legitimate remote support tool that can be exploited by attackers to monitor screens, access files, and deploy additional malware. Many security engines fail to flag this software as malicious, making it difficult to detect. If someone suspects they have fallen victim to this scam, they should disconnect from the internet, check for and uninstall any remote management software, run a comprehensive antivirus scan, change passwords for critical accounts, enable two-factor authentication, inform their IT department if applicable, and consider performing a full Windows reset. The scam originated from a compromised email account, which was used to send the malicious link to contacts. Implementing two-factor authentication and using a password manager can help prevent such incidents. Users should be cautious of any email invitations that require downloading and running installer files.

AppWizard

February 22, 2026

Google Blocks Millions of Risky Android Apps: Biggest Play Store Cleanup Yet

Google blocked approximately 1.75 million dangerous or policy-violating apps from reaching users in 2025 and shut down over 80,000 developer accounts associated with fraud, malware, and repeated policy violations. Play Protect identified millions of risky apps installed from external sources, and it scans apps in real-time, even after installation. Key reasons for app rejections include malware behavior, financial fraud, misuse of permissions, and deceptive advertisements. The crackdown results in safer app downloads, reduced risk of data theft, improved privacy enforcement, and lower exposure to counterfeit applications.

Winsage

February 20, 2026

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are using social media advertising, specifically paid Facebook ads, to promote a malware campaign disguised as legitimate Microsoft promotions. They create near-exact replicas of the official Windows 11 download page to lure users into downloading malicious software. The deceptive domains used include ms-25h2-download[.]pro and ms-25h2-update[.]pro. The malware campaign employs geofencing to selectively target victims, redirecting security researchers to benign sites while delivering malware to unsuspecting users. The malicious file, named ms-update32.exe, is hosted on GitHub and mimics the size of a legitimate Windows installer. Once executed, it checks for monitoring tools and, if none are detected, installs an application named "Lunar" that collects sensitive data, including cryptocurrency wallet information. The malware maintains persistence by writing data to the Windows registry and employs various obfuscation techniques to evade detection. The attackers run parallel ad campaigns with different Facebook Pixel IDs to ensure continued operation even if one is suspended. Indicators of compromise include specific file hashes, domains, file system artifacts, and registry keys associated with the malware.

Tech Optimizer

February 19, 2026

The 5 Biggest Cybersecurity Threats to Watch in 2026: Is Your Business Safe From These Looming Dangers? – Travel And Tour World

In 2026, cybersecurity has evolved significantly, necessitating organizations to prioritize five critical threats identified by expert Danny Mitchell from Heimdal: 1. AI Vulnerabilities: Attackers can manipulate machine learning models by introducing corrupted data, leading to dangerous decisions by AI systems. 2. Cyber-Enabled Fraud and Phishing: Phishing attacks have become more sophisticated with AI, using deepfake technology to impersonate individuals and evade detection. 3. Supply Chain Attacks: Cybercriminals exploit vulnerabilities in software libraries and vendor relationships, compromising trusted software updates and access credentials. 4. Software Vulnerabilities: The rapid discovery of software vulnerabilities outpaces patching efforts, leaving systems exposed to attacks, especially legacy systems. 5. Ransomware Attacks: Modern ransomware employs double extortion tactics, encrypting and stealing data, pressuring businesses to comply with ransom demands. Mitchell recommends strategies such as auditing AI systems, implementing multi-channel verification, securing supply chains, prioritizing patch management, and developing ransomware response plans to combat these threats.

Tech Optimizer

February 19, 2026

How to Install McAfee Antivirus on Windows 11 or 10

Installing third-party antivirus software like McAfee on Windows 11 can be challenging due to the built-in Windows Security, which can complicate the installation process. Users may face issues such as silent failures from conflicting software, permission problems on restricted machines, or restrictions due to S Mode on new laptops. Windows 11 includes Windows Security, which is effective for malware protection, but McAfee may be necessary for compliance, additional features, or centralized protection for multiple devices. McAfee supports Windows 11 Home, Pro, and Education editions but not Enterprise. The minimum hardware requirements include a processor of 1 GHz or faster, at least 2 GB of RAM (4 GB recommended), 1.3 GB of free disk space, an internet connection for download and updates, and a display resolution of at least 1024×768. McAfee requires a persistent internet connection for activation and updates. Before installing McAfee, users should check if their device is in S Mode, as McAfee cannot be installed in this mode. They must remove any existing antivirus software completely, as leftover files can interfere with the installation. Users should also ensure that Windows 11 is up to date and verify that there is enough disk space available. To download McAfee, users should go directly to the McAfee trial page to avoid scams. After downloading, they need to run the installer and restart their computer after installation. Users should then activate McAfee, run a manual update, and conduct a full system scan. Common installation problems include freezes during download, errors due to S Mode, and issues with Windows Security not recognizing McAfee as the active antivirus. Users can verify that McAfee is functioning correctly by checking the system tray icon, Windows Security settings, and the McAfee dashboard. To uninstall McAfee, users should go to Settings > Apps > Installed Apps, select McAfee, and follow the prompts to remove it. After uninstallation, Windows Security will reactivate automatically. McAfee offers several plans for Windows users, including Basic, Essential, Premium, and Advanced, each with different features and device limits. The Basic plan is suitable for single-device users without additional needs, while families may benefit from the Essential or Premium plans.