screen display Archives

Winsage

January 6, 2026

ClickFix attack uses fake Windows BSOD screens to push malware

A new social engineering attack campaign called ClickFix is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into executing malware. Initially identified in December by Securonix as "PHALT#BLYX," the campaign involves phishing emails that appear to be notifications from Booking.com, often mentioning significant refunds to create urgency. Victims are directed to a counterfeit Booking.com site that mimics the legitimate one and displays a fake error message prompting them to execute a malicious command. This command launches a PowerShell script that downloads and compiles malware known as DCRAT, a remote access Trojan that allows attackers to control infected devices, exfiltrate data, and spread within networks.

AppWizard

January 1, 2026

3 apps I’m actually using to keep my New Year’s resolutions

Many individuals set resolutions to enhance their lives at the start of the new year, and various innovative apps have emerged for habit tracking. HabitKit is a simple habit-tracking app that allows users to input habits and goals, represented in a contribution graph. Users can customize their experience by adding habits with titles, colors, and symbols, setting streak goals, receiving reminders, and categorizing habits. The app features robust analytics for tracking long-term progress and offers widgets for home screen display. Finch is a digital companion that encourages daily check-ins and emphasizes self-care and mental well-being. It suggests habits like staying hydrated and practicing mindfulness, while also incorporating gamification elements for user engagement. A traditional method for habit tracking involves using a calendar app, such as Google Calendar, integrated with Google Tasks. This allows users to create dedicated lists for habits, although it lacks built-in analytics and may require more discipline to maintain consistency. Finding the right habit tracking app is essential for personal growth and goal achievement, and committing to a single platform can yield surprising results over time.

Winsage

November 26, 2025

Do Not Click—This Porn Site Installs Malware On Your Device

Attackers are using malicious emails with links to adult websites to exploit human curiosity and urgency, leading to the installation of harmful malware through deceptive update processes. Acronis has identified these "JackFix" attacks, which use screen hijacking techniques combined with ClickFix methods, presenting victims with fake Windows Update screens that claim to deliver critical security updates. This campaign leverages counterfeit adult websites as phishing mechanisms, increasing psychological pressure on victims to comply with prompts to install updates. The attack takes over the victim's screen and displays a convincing update interface, occurring entirely within the browser. Acronis advises users to avoid accessing adult sites through links in emails or messages and to navigate directly to these sites for safer browsing.

Winsage

November 25, 2025

Attackers are Using Fake Windows Updates in ClickFix Scams

Threat actors have adapted the ClickFix attack model, using a fraudulent Windows Update screen to disguise malicious code. This screen mimics the legitimate Windows Update interface and prompts users to execute harmful commands. The execution of these commands leads to the installation of LummaC2 and Rhadamanthys info-stealing malware. A report from ESET noted a 500% increase in ClickFix attacks, which now account for nearly 8% of all blocked attacks in early 2025. Huntress researchers tracked ClickFix lures that used steganography to deliver LummaC2 and Rhadamanthys malware, concealing malicious software within image files. The attacks involve a full-screen display that instructs users not to turn off their computers, ultimately prompting them to paste a malicious command. The execution process includes using mshta.exe and PowerShell to load and inject malicious assemblies. European law enforcement recently dismantled infrastructure used by threat actors, but Rhadamanthys is no longer distributed through the fraudulent Windows Update campaign. The use of steganography helps these payloads evade detection while relying on victims to manually execute commands.

AppWizard

October 13, 2025

Android Pixnapping attack can capture app data like 2FA info

Security researchers have identified a 12-year-old data-stealing attack known as Pixnapping, which targets web browsers to extract sensitive information from Android devices. This attack allows a rogue Android application to access and leak information from various apps, including Google Maps, Signal, and Venmo, as well as websites like Gmail, and can capture two-factor authentication codes from Google Authenticator. The attack utilizes a hardware side channel to access screen display pixels, employing techniques inspired by earlier research on timing attacks. A collaborative team from institutions like UC Berkeley and Carnegie Mellon University developed the modern iteration of Pixnapping, which will be presented at the 32nd ACM Conference on Computer and Communications Security. The Pixnapping framework enables a malicious app to push pixels into the rendering pipeline and read them by overlaying semi-transparent Android Activities. The attack systematically measures rendering times to infer pixel colors, allowing for the recovery of data through optical character recognition. Researchers successfully demonstrated Pixnapping on Android versions 13 to 16 across devices like the Google Pixel series and Samsung Galaxy S25. The attack does not require special permissions and exploits how the Mali GPU implements data compression, resulting in data-dependent rendering times. Pixnapping leaks only 0.6 to 2.1 pixels per second, which is still sufficient to recover Google Authenticator codes. Google has issued a patch for the underlying vulnerability tracked as CVE-2025-48561, with another patch planned for December, although there has been no evidence of exploitation in the wild. Despite attempts to mitigate Pixnapping, researchers have identified a workaround and suggest limiting an attacker's ability to compute on victim pixels as an effective strategy. They also discovered methods for attackers to identify all installed apps on a device, a capability restricted since Android 11 for privacy reasons, with Google indicating that fixing this issue may not be feasible.

Winsage

March 25, 2025

Windows 11’s awful search is getting an AI boost soon, and that’s not all

Microsoft is set to release updates for Windows 11, focusing on user experience through artificial intelligence. Two preview builds, Windows 11 Build 26100.3613 and Windows 11 Build 26100.3624, are available to Windows Insiders, with an official rollout expected in April. Key features include: - Introduction of semantic search, allowing users to search using natural language instead of exact keywords, initially available on Snapdragon-powered devices. - Live captions and real-time translation for AMD and Intel Copilot+ PCs, translating spoken content into English, while Snapdragon users can translate English into Chinese. - Enhancements to Voice Access, allowing users to describe commands and adding support for the Chinese language. - New "cards" in the Settings app displaying key specifications like CPU, memory, and storage. - Modifications to Task Manager for tracking CPU utilization. - A new Xbox gamepad keyboard interface for desktop PCs. - An updated emoji interface with a new system tray icon for easier emoji insertion. - Improvements to widgets for better control over lock screen display.

AppWizard

March 11, 2025

TikTok to introduce mindfulness tool for teenage users

TikTok has introduced a Wind Down tool for users under 16, activating automatically after 10 PM to display calming visuals and music. The platform plans to test meditation exercises within this feature. Additionally, new parental control options include the Time Away feature, allowing parents to restrict app access during specific times. TikTok is enhancing its Family Pairing tools, enabling parents to monitor their child's interactions on the app. Val Richey, TikTok’s global head of outreach and partnerships, emphasized the importance of supporting teenage well-being and fostering healthy digital habits while maintaining communication with parents.

BetaBeacon

March 7, 2025

This quirky new handheld might be the best way to play Nintendo DS games

The MagicX Zero 40 is a handheld device that offers a new approach to Nintendo DS emulation by featuring a tall screen that displays the two screens from the Nintendo DS on top of each other.