remote control Archives

Tech Optimizer

February 25, 2026

Effective ways to prevent the download of malicious code

Malware is malicious software designed to disrupt normal system operations, often infiltrating devices through activities like web browsing or opening documents. In 2023, SonicWall Capture Labs reported over 6 billion malware attacks, an 11% increase from the previous year. Common types of malware include viruses, worms, Trojans, spyware, adware, ransomware, fileless malware, and bots. Malware spreads through email attachments, phishing links, compromised websites, fake apps, and removable media. Its effects can include performance issues, data theft, and financial damage. Signs of malware presence include sluggish performance, unexpected crashes, and unauthorized changes. Recommended actions if malware is suspected include disconnecting the device, running a malware scan, and changing passwords. Preventative measures include using security software, practicing safe browsing, keeping software updated, and building security awareness.

Tech Optimizer

February 22, 2026

Researchers Discover First Android Malware Using Generative AI for Persistence

Security researchers have identified a new Android Trojan named PromptSpy that uses generative AI technology to enhance its persistence on compromised devices. Discovered by ESET researchers, PromptSpy leverages Google's Gemini AI model to analyze infected device screens and generate tailored instructions for embedding itself within recent apps lists. It includes a Virtual Network Computing (VNC) module that allows attackers full remote control over the device, enabling activities such as viewing the screen, performing actions remotely, capturing lock screen data, blocking uninstallation attempts, gathering device information, taking screenshots, and recording screen activity as video. The malware communicates with command-and-control servers using AES encryption and exploits Android Accessibility Services, making it difficult to remove. PromptSpy is distributed through a dedicated website and is financially motivated, adapting to various Android interfaces and operating system versions. ESET's analysis indicates that the malware is regionally targeted, with a focus on Argentina, and may have been developed in a Chinese-speaking environment. The same threat actor is believed to be responsible for both VNCSpy and PromptSpy.

AppWizard

February 21, 2026

GoPro Hero 4 Session: Android App Guide

To connect a GoPro Hero 4 Session to an Android device, first install the GoPro app from the Google Play Store. Ensure the camera is powered on and in pairing mode by pressing the button until the Wi-Fi icon appears. Open the GoPro app, add the camera, select "GoPro Hero 4 Session," and follow the on-screen instructions to connect to the camera's Wi-Fi network using the default password "goprohero." Once connected, the app provides features such as remote control, live preview, settings adjustment, media management, highlight tagging, and firmware updates. Common troubleshooting steps include ensuring Wi-Fi is enabled, forgetting the network, restarting devices, checking for interference, and updating the app and firmware. Tips for enhancing the GoPro experience include using the app for time-lapse photography, exploring Protune settings, creating short video clips, and regularly backing up footage.

AppWizard

February 19, 2026

New ‘Massiv’ Android banking malware poses as an IPTV app

A new strain of Android banking malware called Massiv is disguised as an IPTV application to steal digital identities and access online banking accounts. It uses screen overlays and keylogging techniques to capture sensitive information and can take remote control of compromised devices. Massiv has been observed targeting a Portuguese government application related to Chave Móvel Digital, which contains user data that could bypass know-your-customer (KYC) verifications. The malware allows fraudsters to open accounts in the victim's name at new banks and services, enabling money laundering and loan acquisition. Massiv features two remote control modes: a screen live-streaming mode and a UI-tree mode that extracts structured data from the Accessibility Service. There has been an increase in the use of IPTV applications as bait for Android malware infections, with many of these apps serving as droppers for the malware. The fake IPTV apps primarily target users in Spain, Portugal, France, and Turkey. Users are advised to download applications only from reputable sources and keep security measures active.

AppWizard

February 19, 2026

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Cybersecurity researchers have identified a new Android trojan named Massiv, designed for device takeover attacks targeting financial theft. It disguises itself as IPTV applications and poses risks to mobile banking users by allowing operators to remotely control infected devices for fraudulent transactions. The malware was first detected in campaigns targeting users in Portugal and Greece, with features including screen streaming, keylogging, SMS interception, and fake overlays for credential theft. One campaign specifically targeted the gov.pt application to deceive users into providing sensitive information. Massiv can execute various malicious actions, such as altering device settings, sending device information, and downloading malicious files. It is distributed through dropper applications that mimic IPTV services, often via SMS phishing. The malware operates in the background while the dropper appears as a legitimate app. Recent campaigns have focused on regions like Spain, Portugal, France, and Turkey, indicating a growing threat landscape. The operators of Massiv are developing it further, suggesting intentions to offer it as a Malware-as-a-Service.

AppWizard

February 19, 2026

Massiv: When your IPTV app terminates your savings

Massiv is an Android banking Trojan that disguises itself as legitimate applications, primarily targeting users in southern Europe. It is distributed through side-loading and is capable of remote control over infected devices, enabling Device Takeover attacks that can lead to unauthorized banking transactions. Massiv often masquerades as IPTV applications to attract users seeking online television services. The malware employs overlay functionality to create deceptive screens, keylogging to capture sensitive information, and SMS/Push message interception. It can monitor applications on infected devices and present fake overlays to prompt users for sensitive data. Notably, it has targeted the Portuguese government application gov.pt and connects with Chave Móvel Digital, a digital authentication system, to access victims' banking accounts. Once it captures sensitive data, Massiv allows operators remote access to the device using Android’s AccessibilityService, facilitating real-time observation and manipulation of the user interface. It communicates over a WebSocket channel and supports screen streaming and UI-tree modes for enhanced control. Massiv's distribution includes malware droppers that initially do not contain malicious code but open a WebView to an IPTV website while the actual malware operates in the background. This tactic has increased in recent months, particularly in Spain, Portugal, France, and Turkey. Indicators of compromise include specific SHA-256 hashes and package names associated with the malware. The bot commands allow operators to perform various actions on the infected device, such as clicking coordinates, installing APKs, and showing overlays.

Tech Optimizer

February 16, 2026

Phishing Lures Spread XWorm Remote Access Trojan

A cyber-espionage campaign is utilizing the XWorm Remote Access Trojan (RAT) to infiltrate systems via phishing emails and a Microsoft Office vulnerability (CVE-2018-0802). XWorm, first detected in 2022, allows attackers remote control over infected computers for surveillance and data theft. The campaign uses business-oriented phishing emails with malicious Excel attachments that exploit the vulnerability to execute a fileless attack. The malware connects to a command-and-control server, encrypting communications and transmitting system details. XWorm features a plugin architecture with over 50 modules for various malicious activities, including credential theft and DDoS attacks. Security experts highlight the ongoing risk of legacy software vulnerabilities and recommend patching outdated components.

AppWizard

February 10, 2026

Android users warned about new bug that steals private data – which apps to delete

The Arsink malware is an Android Remote Access Trojan (RAT) that exfiltrates sensitive information while granting remote control to its operators. It has impacted over 45,000 devices in 143 countries, including the UK. Arsink lures users to download deceptive "pro" versions of popular applications, often promoted on social media instead of the Google Play Store. Once installed, it can access text messages, emails, call logs, contacts, microphone recordings, photos, location data, and more. The malware also allows hackers to control device features such as using the torch, playing audio, making calls, and changing settings. It hides its icon, runs a persistent foreground service, and generates notifications to avoid detection. Users are advised to remove any "pro" versions of well-known apps like Google, YouTube, WhatsApp, Instagram, Facebook, and TikTok that are not from the official Google Play Store.

Winsage

January 7, 2026

Hackers Use Fake Windows BSOD To Spread Malware

Security researchers have identified a social engineering campaign that mimics the Windows Blue Screen of Death (BSOD) to deceive users into installing a remote access Trojan (RAT). The campaign, named PHALT#BLYX, begins with phishing emails that appear to be legitimate cancellation notices from travel websites, leading victims to a fake login page and an interactive CAPTCHA. This culminates in a full-screen imitation of the BSOD, prompting users to follow instructions that ultimately allow attackers to gain control of their computers. The attackers use a “ClickFix” process that involves executing commands through native Windows tools like PowerShell and MSBuild, making detection more challenging. The malware delivered is an obfuscated version of DCRat, which provides attackers with remote control capabilities, keylogging, and the ability to download additional malware. The campaign primarily targets hotels and hospitality businesses in Europe, exploiting the urgency of front-desk staff to respond to apparent technical issues. Indicators of a fake BSOD include the ability to interact with the screen, requests to execute commands via Windows tools, and the presence of CAPTCHA prompts. Organizations are advised to train employees, implement application control, enhance email and web defenses, and prepare for incident response to mitigate risks associated with such attacks.

Winsage

December 20, 2025

Windows RemoteApp problems, ferry malware arrest, Senator’s open-source warning

Microsoft's December 2025 security update disrupts Message Queuing (MSMQ) on older Windows 10 and Server systems. A subsequent November 2025 update causes RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices, particularly in Azure Virtual Desktop environments, although Windows Home or Pro editions remain unaffected. French authorities arrested two crew members of an Italian ferry for allegedly installing malware that could allow remote control of the vessel; one suspect has been released while the other is in custody. Tom Cotton, Chairman of the Senate Intelligence Committee, has urged action on vulnerabilities in open-source software, citing concerns about foreign adversaries inserting malicious code. A zero-day exploit, CVE-2025-20393, affecting Cisco email security products has been exploited by Chinese hackers since late November. DXS International reported a cybersecurity incident involving unauthorized access to its internal servers, with an investigation ongoing. A report from Resecurity indicates a rise in the criminal use of DIG AI for generating tips for illegal activities. CISA warned of a critical vulnerability in ASUS Live Update software, which has been actively exploited. An automated campaign targeting multiple VPN platforms has been reported, with credential-based attacks observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN.