processes Archives

Winsage

March 9, 2025

Threat Actors Leverage YouTubers to Attack Windows Systems Via SilentCryptoMiner

Security researchers have identified a malware campaign targeting YouTubers to spread SilentCryptoMiner malware disguised as tools to bypass restrictions. Over 2,000 victims in Russia have been reported, with the actual number likely higher. The malware exploits Windows Packet Divert drivers, with over 2.4 million detections in the past six months. Threat actors issue copyright strikes to compel YouTubers to promote infected files, manipulating their reputations. One YouTuber with 60,000 subscribers linked to a malicious archive that was downloaded over 40,000 times. The infection starts with an archive containing a modified script that executes a malicious executable via PowerShell. If security software removes the file, users are prompted to disable their antivirus. The malware's infection chain is multi-staged, using a Python-crafted loader to retrieve payloads from specific domains. It employs anti-VM techniques, modifies defender exclusions, and stealthily mines cryptocurrencies while pausing during certain program activities. Security experts warn against using restriction bypass tools due to their association with malware distribution.

Tech Optimizer

March 8, 2025

Why You Should Use a PostgreSQL GUI Instead of the Command Line

PostgreSQL is a robust and reliable open-source database system. A graphical user interface (GUI) offers several benefits over the command line, including: - Easier navigation through databases without memorizing commands. - Better organization of data in structured views like tables or charts. - Simplified query creation with user-friendly editors that include syntax highlighting and suggestions. - Time-saving tools that streamline tasks with built-in shortcuts. - Visual feedback displaying query results in sortable and filterable tables. - Learning support for newcomers with tooltips and example queries. - Fewer errors by monitoring user input and flagging issues before execution. - Enhanced collaboration features for teams, including shared connections and real-time updates. - Customization options allowing users to modify layouts and save queries to fit their workflows.

Winsage

March 8, 2025

Free Alternatives to Paid Windows Software

Windows operating systems often require third-party software for specialized tasks, with free alternatives available to replace paid options. 1. BleachBit is used for system cleaning as a free substitute for CCleaner Pro, effectively enhancing PC performance by removing unnecessary data without tampering with the Windows Registry. 2. Bulk Crap Uninstaller (BCUninstaller) is a free tool for uninstalling programs and bloatware, scanning for leftover files and simplifying the cleanup process with filtering options and color-coded listings. 3. Google Docs is preferred over Microsoft 365 for its user-friendly nature and free 15 GB storage per Gmail account, while LibreOffice is recommended as an alternative for standalone applications. 4. GIMP serves as a free substitute for Adobe Photoshop, offering essential graphic design tools without being resource-intensive. 5. Kdenlive is a free video editor that meets basic video editing needs and is compatible with lower-end PCs, providing a comprehensive suite of features and regular updates. 6. Audacity is used for audio editing, capable of handling both basic and professional tasks, with tools for noise elimination and vocal enhancement. 7. 7-Zip is a lightweight file compression and archiving tool that offers superior compression capabilities and password protection, operating unobtrusively in the background.

AppWizard

March 7, 2025

Minecraft LIVE Goes Live 22nd March

Mojang Studios announced that the Minecraft LIVE event will return on March 22nd, featuring exclusive insights from developers, new game content, and special movie content related to Minecraft. Details for the live stream will be available on Minecraft’s official website.

Winsage

March 7, 2025

Announcing Windows 11 Insider Preview Build 27808 (Canary Channel)

Windows 11 Insider Preview Build 27808 has been released to the Canary Channel. There are no plans to release SDKs for the 27xxx series builds. A significant update to the Task Manager has been initiated, aligning CPU utilization metrics with industry standards, and a new optional CPU Utility column is available on the Details tab. Several fixes have been made, including resolving issues with popular games, printing bugs, blank search windows, Settings app crashes, inaccurate battery icon colors, and BitLocker performance. Known issues include a d3d9.dll crash affecting application launches and a warning for Copilot+ PCs transitioning to the Canary Channel regarding the loss of Windows Hello PIN and biometrics. Enhancements to the Microsoft Store include a new spotlight design and updates to the Downloads page. Insiders in the Canary Channel are reminded that builds may not correspond to specific releases and may evolve or be removed. A clean installation is required to exit the Canary Channel.

Winsage

March 7, 2025

Windows 11 Canary build 27808 is out with better CPU monitoring in Task Manager and more

Windows Insiders in the Canary Channel can download build 27808, which includes enhancements to CPU monitoring in Task Manager and various fixes for gaming, printing, search, graphics, BitLocker, and more. Notable updates include a change in how Task Manager calculates CPU utilization, aligning it with industry standards, and the introduction of an optional CPU Utility column on the Details tab. Fixes include: - Resolved a bug causing games like Roblox to crash upon launch. - Corrected a printing issue that triggered crashes in certain applications. - Fixed a glitch resulting in a blank search window in the taskbar. - Addressed a crash issue in Settings when adding a color profile. - Rectified inaccurate color displays in the battery icon. - Improved performance for loading BitLocker UI elements and fixed a looping issue with BitLocker. - Resolved an error with the Get-BitLockerVolume command. Known bugs include issues with Windows Hello PIN and biometrics for users transitioning from other channels, and ongoing investigations into a d3d9.dll crash affecting application launches.

Tech Optimizer

March 7, 2025

Webroot Premium

PCMag editors independently select and review products. Webroot Premium combines device-level protection with identity theft tracking and remediation, but its antivirus protection is limited compared to competitors. Webroot Premium costs .99 per year for five devices and one identity, with a family edition available for .99 covering ten devices and identities. Other competitors like Bitdefender Ultimate Security and Norton 360 With LifeLock offer more comprehensive features at similar price points. Webroot AntiVirus has been rebranded as Webroot Essentials, and older versions have been phased out. The installation process for Webroot Premium is straightforward, and it includes a firewall that monitors network activity. Webroot's antivirus effectively identifies malware, achieving a 100% detection rate in tests. It also offers a secure deletion tool and basic identity protection features, including credit monitoring, transaction monitoring, and dark web monitoring, though these features are less comprehensive than those of competitors. Webroot provides 24/7 support for identity restoration, with a monetary guarantee for remediation services up to million for ten family members. Overall, while Webroot Premium offers solid antivirus protection, its identity protection capabilities are limited compared to other security suites.

Winsage

March 6, 2025

Cybercriminals Exploit YouTubers to Spread SilentCryptoMiner on Windows Systems

A malware campaign has emerged, exploiting the popularity of Windows Packet Divert drivers. The SilentCryptoMiner malware, disguised as legitimate tools, has affected over 2,000 victims in Russia. Cybercriminals manipulate YouTubers to share malicious links, with one YouTuber having 60,000 subscribers attracting over 400,000 views on infected videos. Compromised files were hosted on gitrok[.]com, with over 40,000 downloads. Attackers issue copyright strikes to content creators, threatening channel shutdowns to propagate malware. The infection begins with a modified script that executes an executable via PowerShell, using a Python-crafted loader to fetch the payload. SilentCryptoMiner, based on XMRig, mines various cryptocurrencies stealthily, employing techniques to evade detection and dynamically adjust its behavior. This campaign highlights the evolving tactics of cybercriminals, leveraging demand for bypass tools to distribute malware. Users are advised to be cautious when downloading tools from untrusted sources.

AppWizard

March 6, 2025

Malicious Android App on Google Play Compromises 220,000+ Devices

Security researchers at ThreatLabz have identified a malware campaign operating through the Google Play Store that disseminated the Anatsa banking trojan, also known as TeaBot. The malicious app, disguised as a file manager and document reader, was downloaded over 220,000 times before its removal. The app initiated a multi-stage payload retrieval process after users granted accessibility permissions, allowing it to download the Anatsa payload and turn infected devices into tools for financial fraud. Anatsa uses overlay attacks and credential harvesting techniques, displaying fake login screens for banking applications to capture user credentials. It targets financial institutions across North America, Europe, and Asia, particularly mobile banking platforms. The malware employs evasion techniques, including delayed activation and encrypted communication, and maintains persistence by checking for accessibility service permissions. Initial data indicates concentrated infections in regions with high mobile banking usage, and the app's multilingual interface suggests a global targeting strategy. Google removed the app within 48 hours of the disclosure but it had been present for approximately eight weeks before detection. Google has initiated a mass uninstallation campaign for affected devices, while users are advised to perform factory resets, monitor financial accounts, enable Google Play Protect, and avoid granting permissions to unfamiliar apps. Investigations are ongoing to identify the threat actors, with links to Eastern European cybercrime syndicates suggested.

Tech Optimizer

March 5, 2025

Cybercriminals are distributing a miner disguised as a restriction-bypassing toolCybercriminals are distributing a miner disguised as a restriction-bypassing tool

In recent months, the use of Windows Packet Divert drivers in Russia has surged, nearly doubling between August 2023 and January 2024, primarily for tools that bypass access restrictions to foreign resources. Cybercriminals are exploiting this trend by distributing malware disguised as these tools, with some bloggers unknowingly promoting such malicious programs. An investigation revealed that a YouTube channel with 60,000 subscribers posted videos on bypassing restrictions, linking to a malicious archive that had been downloaded over 40,000 times. The malware, a variant of SilentCryptoMiner, is designed to mine cryptocurrencies while evading detection. Users are advised to ensure their devices have trusted protection, avoid obscure downloads, and be cautious of even reputable bloggers who may inadvertently share malware.