report Archives

AppWizard

June 16, 2026

New Rokarolla Android malware targets 217 banking, crypto apps

A new Android banking trojan named Rokarolla targets 217 banking and cryptocurrency applications and features 137 commands for malicious activities. It is distributed via deceptive websites posing as legitimate application sources and impersonates Google Play Protect to lure users into installing infected apps. Once installed, it seeks Accessibility service permissions and access to notifications, SMS, and calls. Rokarolla communicates with a command-and-control server, sending device profiles to generate unique identifiers for victims. Its primary goal is to steal financial information by using deceptive login overlays to capture sensitive data and maintain control over the device. The malware employs evasion tactics such as disabling Google Play Protect, hiding its icon, silencing notifications, and keeping the screen awake. It can steal SMS messages, extract contacts, capture keystrokes, record screen content, manipulate clipboard contents, block calls, and take screenshots. Zimperium confirms that Rokarolla is not found on Google Play, and users are advised to avoid downloading APK files from untrusted sources and to be cautious with Accessibility permissions.

AppWizard

June 16, 2026

50+ Samsung Galaxy Store apps spread phone malware

Samsung's Galaxy Store had over 50 applications that unknowingly distributed a hidden Android trojan named MagicAd, which has since been removed. Users who downloaded these apps may still have the malware on their devices, as it establishes persistent background services that remain after the app is uninstalled and hides its icon. Signs of infection include unsolicited ads, battery drain, and unexplained data usage. The malware evades detection by assessing its environment and concealing its core code in encrypted files. Developers rotated the infected apps to maintain persistence and generated revenue through fraudulent ad impressions. Users are advised to run security scans and consider a factory reset if symptoms persist, ensuring to back up important files without including app settings. No app store can guarantee the exclusion of all threats, so users should check ratings and download counts before installing applications.

Winsage

June 16, 2026

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS, which were previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of a potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.

Winsage

June 15, 2026

Linux 7.2 To Better Communicate File-System Casefolding For Helping Windows NFS & More

The Linux 7.2 kernel has introduced enhancements for reporting case-folding behavior in local file systems, allowing file servers to accurately convey their case sensitivity capabilities. Linus Torvalds merged Virtual File System (VFS) related pull requests that enable local file systems to report case-folding behavior, benefiting services like NFSD and KSMBD, particularly for Microsoft Windows NFS clients. Filesystems can now report case-insensitive and case-nonpreserving behavior through new filekattr flags in their fileattrget implementations. Supported filesystems include FAT, exFAT, NTFS3, HFS, HFS+, XFS, CIFS, NFS, VBoxSF, and ISOFS, with others defaulting to POSIX behavior. NFSd uses this information to report case folding via NFSv3 PATHCONF and implement NFSv4 attributes for case insensitivity and case preservation. The enhancements aim to improve interoperability, allowing Windows NFS clients to function correctly by reporting case-insensitivity, which streamlines operations and avoids unnecessary requests. The Linux NFS client has previously supported case-insensitive shares, requiring adjustments to caching behavior. Accurate case folding reporting is crucial for servers operating in multi-protocol environments to maintain interoperability.

Winsage

June 15, 2026

Microsoft’s controversial Wi‑Fi tracking in Teams is back — but this time with better privacy controls

A feature within Microsoft Teams, initially perceived as a surveillance tool for tracking employees' locations via Wi-Fi, has been officially launched after delays from mid-March to April 2026. Microsoft clarified that the feature, now rebranded from Automatic Update of Work Location to Workplace Check-In via Wi-Fi, is intended to enhance collaboration and facilitate employee coordination rather than serve as a monitoring mechanism. The feature will also be integrated into Microsoft Places later this year.

AppWizard

June 15, 2026

Facebook, Messenger, Instagram outage trends on X

On the evening of June 12, 2026, users in the Philippines and globally reported widespread outages on Meta's platforms, including Facebook, Instagram, and Messenger. At approximately 8:54 a.m. US time, Downdetector recorded over 113,000 outage reports, with 56% related to the mobile app, 25% to login difficulties, and 13% to the website. Meta's communications director, Andy Stone, acknowledged the issue on X, stating the company was working to restore services. Users expressed confusion and humor about the situation, with many fearing their accounts had been hacked. The outage affected millions worldwide, and the spike in traffic to Downdetector's site caused it to temporarily crash. Users felt relief upon realizing the outages were a global issue rather than isolated incidents.

Winsage

June 15, 2026

Microsoft released the Windows 11 Secure Boot update for all PCs, how to verify yours

Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.

AppWizard

June 15, 2026

YouTube turns into a messenger: the platform has returned the function of private messages

YouTube has reintroduced in-app private chats, allowing users to share videos, shorts, and live broadcasts without using third-party platforms. To start a chat, users must send an invitation through an external messenger, which is valid for seven days. Once accepted, users can chat one-on-one, but sharing is limited to publicly available content, and interactions are restricted to known contacts. The messaging feature is accessible via a dedicated button in the app, with notifications sent through push alerts. It is currently available only to adult users, with no support for group chats. YouTube previously discontinued its chat feature in 2019 due to low engagement but has decided to bring it back after positive testing results. The new messaging system is currently limited to users in the US, UK, Brazil, and Singapore, with no timeline for availability in Ukraine or other regions.

Winsage

June 13, 2026

WhatsApp is eating 1.2GB RAM on Windows 11, even as Microsoft kills web app slop

WhatsApp for Windows, despite having a large user base of 3 billion globally and 1.6 billion on Windows, suffers from significant performance issues, including high RAM usage (400 MB before logging in and up to 1.2 GB while idling), slow message delivery, and a choppy scrolling experience. The app operates as a web wrapper using the WebView2 framework, which leads to inefficient resource consumption compared to native applications. Users across various hardware configurations report freezing, delayed messages, and instability. Microsoft’s Teams app also faces similar performance challenges due to its reliance on the same framework. There is a growing concern about the trend of developers opting for web applications over native ones, driven by a lack of trust in native frameworks. Despite Microsoft's push for native app development through WinUI, there is currently no native version of WhatsApp for Windows, while Meta has developed optimized versions for other platforms.

AppWizard

June 13, 2026

Is Facebook down? Live updates as Messenger and Meta apps offline in major outage

Meta's communications chief, Andy Stone, has acknowledged ongoing issues with Facebook but assured users that the company is working to address these challenges. Anecdotal evidence suggests that service is gradually being restored, with some users able to access the platform while others continue to experience difficulties. Facebook outages, though infrequent, can significantly impact its 3.6 billion daily users, as seen in a notable seven-hour outage in 2021 caused by an erroneous command. The recent outage has been described as one of the most significant in recent history, affecting millions globally. Instagram and WhatsApp were also impacted, though they are functioning better than Facebook, with users encountering loading issues on their web versions. During the outage, Facebook displayed a retro-style error page, indicating the service's temporary unavailability.