remote control

Tech Optimizer
June 17, 2025
Threat actors are using a fileless variant of AsyncRAT, targeting German-speaking individuals with a deceptive verification prompt. This prompt misleads users into executing harmful commands. The malware employs obfuscated PowerShell scripts to operate in memory without creating files on disk, complicating detection by antivirus solutions. The attack begins with a fake verification page prompting users to click "I'm not a robot," which copies a malicious command to the clipboard. This command uses conhost.exe to run a hidden PowerShell instance that retrieves a payload from a remote server. The malware establishes a connection to a command-and-control server and maintains persistence through registry keys, enabling remote control and data exfiltration. Key tactics include stealth execution, in-memory C# compilation, and TCP-based communication over non-standard ports. The campaign has been active since at least April 2025. Indicators of Compromise (IOCs) include:
- IP: 109.250.111[.]155 (ClickFix delivery)
- FQDN: namoet[.]de (ClickFix / C2 server)
- Port: 4444 (TCP reverse shell listener)
- URL: hxxp[:]//namoet[.]de:80/x (PowerShell payload)
- Registry (HKCU): SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\windows (persistence on boot)
- Registry (HKCU): SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\win (holds obfuscated command)
Tech Optimizer
June 3, 2025
Cybersecurity experts have highlighted the risks of typosquatting, where developers accidentally download malicious packages due to typographical errors. A report from Checkmarx reveals that attackers exploit this trust by creating counterfeit packages that can grant unauthorized access to systems. Malicious packages have been found in the Python Package Index (PyPI) and can enable remote control, posing serious threats to system integrity. Attackers employ a cross-platform strategy, mixing names from different programming environments to target unsuspecting users. On Windows, malware can create scheduled tasks and disable antivirus protections, while on Linux, certain packages facilitate encrypted reverse shells for data exfiltration. Although the malicious packages have been removed, the threat remains, prompting developers to verify package sources and spellings. Checkmarx recommends organizations conduct audits of deployed packages and scrutinize application code to enhance security.
AppWizard
May 21, 2025
TSplus has released version 4 of its Remote Support app for Android, which now fully supports Android TVs. This update enhances compatibility, performance, and usability, expanding device support to over 22,720 models, including both arm32 and x86 architectures. The app allows for innovative applications in various settings, such as home, retail, public transport, and events. Key features include Viewer mode for assisting others and casting presentations, and Sharer mode for secure screen sharing with remote technicians. The update also improves navigation for Android TV and optimizes network usage. Users can download the latest version from the Google Play Store.
Winsage
May 4, 2025
Microsoft has warned about the increasing use of PDF attachments in cyberattacks, particularly during the U.S. tax season. Attackers have been using PDFs with embedded links that redirect users to counterfeit pages, such as a fake DocuSign site. Trustwave SpiderLabs has identified a new campaign involving a fake payment SWIFT copy that leads to a malicious PDF containing obfuscated JavaScript, which downloads a script that conceals the RemcosRAT payload using steganography. This technique involves hiding links within images, making them difficult to detect. The latest attacks begin with phishing emails containing malicious PDFs that direct victims to harmful webpages, facilitating the delivery of RemcosRAT, a trojan that allows remote control of compromised systems. Users are advised to be cautious of emails labeled "SWIFT Copy" and to delete suspicious emails immediately.
AppWizard
April 16, 2025
The "Gravity Gun Update" for Squirrel with a Gun introduces a new weapon that allows players to manipulate gravity, enhancing gameplay. It includes the new Relativity Bunker, where players can find five new acorns. The update also features a new Nuclear Squirrel skin for characters. The game combines open-world shooting and puzzle platforming, allowing players to use various firearms and engage in activities like driving remote control cars and riding jet skis. Squirrel with a Gun is available on PC, Xbox Series X|S, and PlayStation 5, with the update now live.
AppWizard
March 20, 2025
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned about targeted cyberattacks against employees in the defense-industrial complex and members of the Defense Forces of Ukraine, which have been ongoing since at least summer 2024 and have intensified recently. Attackers are using the Signal messenger app to distribute malicious files by compromising trusted contacts' accounts. In March 2025, CERT-UA observed that attackers were sending archived messages through Signal, which included a PDF and an executable file called DarkTortilla, designed to activate the DarkCrystal RAT (DCRAT) software. The focus of these deceptive messages has shifted to critical topics like unmanned aerial vehicles (UAVs) and electronic warfare equipment. CERT-UA has labeled this activity UAC-0200 and advises reporting any suspicious messages immediately. They have also compiled indicators related to the attacks, including specific file hashes, IP addresses, and URLs linked to the attackers' infrastructure.
AppWizard
March 6, 2025
TSplus has released a major update to its Remote Support Android app, now available on the Google Play Store. This update enhances the app's features, which originally allowed users to remotely view and control devices in Full HD resolution at 24 frames per second, with functionalities including keyboard and mouse control, user chat, and device management. The update fully operationalizes the Sharer feature for seamless remote control of Android devices from various platforms. Enhancements include improved performance with upgraded screen encoder and decoder, new settings for optimizing app performance on older devices, shortcuts for quick actions, and improved debugging for easier issue reporting.
BetaBeacon
February 15, 2025
Robotek is a fighting game where players square off against each other, taking turns hitting each other until one goes down. The local multiplayer aspect allows for a good time, where strategy matters more than anything.
Winsage
February 13, 2025
Microsoft has released a patch addressing 63 vulnerabilities, following a previous update that fixed 159 flaws. The vulnerabilities are categorized by severity: critical, important, moderate, and low. Three critical vulnerabilities requiring user action are:
- CVE-2025-21376: Affects Windows LDAP, allowing remote control of systems using Active Directory.
- CVE-2025-21379: Pertains to potential Man-in-the-Middle attacks, enabling attackers to manipulate communications and steal data.
- CVE-2025-21381: Can be exploited by tricking users into downloading malicious files, allowing arbitrary code execution.
Two zero-day vulnerabilities already under exploitation are:
- CVE-2025-21391: Allows attackers to bypass access controls and delete files.
- CVE-2025-21418: Enables attackers to gain system privileges for configuration and user management.
Other notable vulnerabilities include:
- CVE-2025-21194: A hypervisor vulnerability that could compromise the kernel.
- CVE-2025-21377: Could expose NTLM hashes, allowing impersonation of users.
- CVE-2025-21198: Affects Microsoft's HPC systems, allowing complete control through a malicious web request, with a high CVSS score of 9.0.
Users are advised to update Windows to safeguard their systems.