safe Archives

Tech Optimizer

April 13, 2026

Fake Claude site installs malware that gives attackers access to your computer

Claude, an AI tool developed by Anthropic, receives nearly 290 million web visits monthly and has become a target for cybercriminals. A fake website has been found that impersonates Claude, distributing a trojanized installer named Claude-Pro-windows-x64.zip. This installer, while appearing legitimate, deploys PlugX malware, granting attackers remote access to users' systems. The fraudulent site mimics the official download page and uses passive DNS records linked to commercial bulk-email platforms, indicating active maintenance by the operators. The ZIP file contains an MSI installer that incorrectly spells "Claude" as "Cluade" and creates a desktop shortcut that launches a VBScript dropper. This script runs the legitimate claude.exe while executing malicious activities in the background, including copying files to the Windows Startup folder to ensure persistence after reboot. The attack utilizes a DLL sideloading technique recognized by MITRE as T1574.002, where a legitimate G DATA antivirus updater is exploited with a malicious DLL. Within 22 seconds of execution, the malware establishes a connection to an IP address associated with Alibaba Cloud, indicating control over the compromised system. The dropper script also employs anti-forensic measures to delete itself and the VBScript after deployment. Indicators of compromise include the filenames Claude-Pro-windows-x64.zip, NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat, along with the network indicator 8.217.190.58:443 (TCP) as the command and control destination. Users are advised to download Claude only from the official site and to remain vigilant against potential compromises.

Winsage

April 13, 2026

Microsoft tightens Windows 11 driver security rules

Microsoft will enforce a new mandate requiring all hardware drivers to comply with the Windows Hardware Compatibility Program (WHCP) standards starting April 1, 2026. This change will eliminate the "cross-signing" system that allowed older drivers with expired certificates to remain trusted. The enforcement of WHCP certification will apply to various versions of Windows 11 and Windows Server 2025. Users may face blocks when installing older drivers on new systems, but existing installations will not be immediately disrupted. Microsoft plans to introduce an "allow list" for vetted legacy drivers to ensure essential equipment remains operational during the transition. The initial rollout will occur in "evaluation mode," allowing Microsoft to monitor driver behavior without blocking software. For corporate environments, Microsoft offers "Application Control for Business" to allow specific software while maintaining security measures.

AppWizard

April 11, 2026

Revisiting Redfall after its final update reveals the ghost of the game it wanted to be

Redfall, developed by Arkane Austin, was released in May 2023 and faced criticism for its open world, AI, and shooting mechanics. Following its launch, Arkane attempted to address these issues but was ultimately closed by Microsoft a year later. Before its closure, the studio released patch 1.4, which introduced a Community Standing system that allows players to enhance their skills through community tasks. This patch aimed to improve gameplay by encouraging exploration and interaction with the environment, offering rewards like fortified safehouse defenses and new abilities. Despite these improvements, core issues such as unsatisfactory combat and shallow NPC interactions persisted, limiting the game's narrative depth and player engagement.

Tech Optimizer

April 11, 2026

Antivirus protection built into Windows

Windows 11 includes Microsoft Defender Antivirus, which is active from the moment the device is powered on and integrated into the operating system. It continuously updates to protect against various threats, including malicious files and unsafe links. Microsoft Defender SmartScreen evaluates the safety of websites and downloads, providing warnings for dubious content. Smart App Control prevents untrusted applications from executing, while Controlled folder access protects personal files from unauthorized modifications. Users can verify the operational status of Microsoft Defender Antivirus through Windows Security settings. Best practices for maintaining security include keeping the antivirus updated, using a single real-time antivirus engine, and enhancing security habits. Microsoft Defender Antivirus is generally sufficient for everyday risks, but additional third-party antivirus solutions may be considered based on individual needs.

AppWizard

April 10, 2026

These two huge PC performance app downloads have been infected by a virus

The download pages for CPU-Z and HWMonitor have been compromised, redirecting users to malware-infected files. Users should verify that downloaded files are named "hwmonitor1.63.exe" or "cpu-z2.19-en.exe" and be cautious of files like "HWiNFOMonitorSetup.exe." A virus scan is recommended, as Windows Defender has flagged the compromised versions. The malicious files were identified approximately nine hours ago, indicating a successful attack on the CPUID download site. The correct download links have been restored, but CPUID has not issued an official statement. The breach was reported by a Reddit user who experienced a warning from Windows Defender after downloading a suspicious file. CPUID's website and social media have not been updated since 2024, and users are advised to stay vigilant.

Winsage

April 9, 2026

This fake Windows support website delivers password-stealing malware

A phishing campaign has been identified that uses a counterfeit Microsoft support website, microsoft-update[.]support, to trick users into downloading a malicious Windows update disguised as WindowsUpdate 1.0.0.msi. This file, created on April 4, 2026, appears legitimate but contains malware designed to steal sensitive information. The campaign targets French-speaking users, leveraging recent data breaches in France to create convincing scams. The malware, once executed, installs an Electron application that runs a Python interpreter, which then deploys various data theft tools. It employs two persistence mechanisms: modifying the Windows registry and creating a shortcut in the Startup folder. The malware connects to external sites for reconnaissance and data exfiltration, using domains like datawebsync-lvmv.onrender[.]com and store8.gofile[.]io. The malware's components have evaded detection by antivirus tools, with VirusTotal reporting zero detections for the main executable and its launcher. Users are advised to check their registry, remove suspicious files, change passwords, and run a full system scan if they suspect installation of the malicious update. Safe updating practices include using the built-in Windows update feature and being cautious of phishing attempts. Indicators of compromise include specific file hashes, domains associated with the phishing campaign, and file system artifacts related to the malware's installation.

AppWizard

April 9, 2026

Bitchat Review: How Jack Dorsey’s Private Offline Messenger Works

Bitchat employs the Noise Protocol Framework, specifically the XX pattern, for encrypted and authenticated communication. The Android version uses X25519 for key exchange and AES-256-GCM for message encryption. Bitchat operates without a central infrastructure, phone numbers, or traditional accounts, which reduces data collection and risks of censorship and surveillance. The app relies on Bluetooth connectivity, requiring physical proximity between users, which can enhance security but may lead to device identification. Metadata about nearby devices and connection instances may still be retained. Bitchat has not yet undergone a comprehensive external security audit, raising concerns despite its focus on privacy and encryption.

Tech Optimizer

April 8, 2026

Avast Antivirus: A Complete Guide to the Software and Its Security Features

Avast antivirus is a widely used digital security solution for mobile and desktop platforms, developed by Gen Digital. It offers a free version that is accessible and easy to set up, making it popular among first-time users. Key security features include real-time threat protection, web protection tools, email protection, behavior monitoring, and a network inspector. The software operates quietly in the background, has a clean and intuitive interface, and provides essential security features in its free version. However, users may experience intrusive upgrade prompts, and advanced tools require a paid subscription. Avast distinguishes itself by offering behavioral threat detection in both free and paid versions, and its extensive user base enhances its threat detection capabilities. The free version includes basic protections suitable for everyday online activities, but advanced features necessitate an upgrade. Users are encouraged to adopt strong passwords, utilize password managers, enable two-factor authentication, and practice safe browsing habits to ensure online privacy.

Winsage

April 7, 2026

What is the Microsoft Windows game that Iran is ‘using’ to tease Donald Trump

The United States and Iran are engaging in digital tensions, with Iranian embassies using social media for pointed critiques of President Trump. A notable instance occurred when the Iranian consulate in Mazar-i-Sharif shared a satirical video combining gameplay from the 90s game Minesweeper with a map of the Strait of Hormuz, humorously highlighting Trump's navigation efforts. The video features animated explosions and sarcastic text, emphasizing the risks associated with US navigation in the strategically important waterway. Iran has stated it deployed mines in the Strait of Hormuz to control maritime traffic, and the use of Minesweeper in this context serves to illustrate the dangers of navigating these waters.

AppWizard

April 7, 2026

11 years after launch, Pillars of Eternity’s new turn-based mode feels like the way it’s meant to be played

Pillars of Eternity celebrated its 11th anniversary with a significant update from Obsidian Entertainment, introducing a full turn-based mode alongside the original real-time with pause (RTWP) mechanics. The turn-based option had been in beta on Steam since November before its official release. The update includes extensive patch notes, and players have reported enjoying the new gameplay style, with some preferring it for future playthroughs. Discussions among industry professionals at last year's Game Developers Conference highlighted the evolving nature of combat systems, with optimism for the future of RTWP despite the rising popularity of turn-based mechanics.