security application

Tech Optimizer
August 24, 2025
A new strain of Android malware, 'Android.Backdoor.916.origin', targets executives at Russian businesses while posing as software from Russia's Federal Security Service (FSB). Identified by Dr. Web, it is not derived from any known malware family. Its capabilities include monitoring conversations, streaming video from the camera, logging user input and exfiltrating data from messaging applications. Since its detection in January 2025 it has gone through multiple iterations, indicating ongoing development. The malware is built specifically for Russian enterprises: its interface is in Russian and its branding impersonates the Central Bank of Russia and the FSB. It masquerades as an antivirus tool but has no protective functionality; it merely simulates scans that report fake detections. It requests high-risk permissions, including geolocation, SMS and media file access, and camera and audio recording. Once installed it can exfiltrate SMS messages, contacts, call history, geolocation data and stored images, activate the microphone and camera, capture text typed into messaging and browser applications, and execute shell commands. It can switch between 15 different hosting providers for its infrastructure, which makes takedowns harder and shows the operators invest in resilience. Dr. Web has published the full set of indicators of compromise for this malware on its GitHub repository.
Winsage
July 30, 2025
The Microsoft Security Compliance Toolkit is a set of tools administrators use to compare Group Policy Objects (GPOs) against Microsoft's published security baselines, identify drift and apply the recommended settings. It includes the Policy Analyzer, the Local Group Policy Object (LGPO) utility and the SetObjectSecurity tool. The toolkit is downloaded from Microsoft's website as zip files, one per security baseline package. Policy Analyzer compares GPO backups and the local security policy with each other and with the baselines to surface inconsistencies; LGPO imports, exports and verifies local policy, which also makes it the tool for backing up a machine's policy before changes; SetObjectSecurity applies security descriptors to objects such as files and folders. On Windows Server, baselines should be tested in a non-production environment before deployment, because baseline settings can break applications that depend on the defaults. On Windows Server 2025 the OSConfig platform can apply and report on security baselines directly from PowerShell, which simplifies rollout and keeps systems in compliance over time.
AppWizard
July 15, 2025
A new variant of the Konfety malware targets high-end Android devices and uses evasion techniques that include deliberately malformed APK files. It disguises itself as legitimate software, imitating popular apps on the Google Play Store in an 'evil twin' scheme in which the malicious APK borrows the identity of a legitimate app on Play, which is why software should be installed only from trusted publishers and third-party APKs avoided. The malware can redirect users to harmful websites, install unwanted software and generate misleading notifications. It shows ads through the CaramelAds SDK and exfiltrates data such as the list of installed applications and the network configuration. Konfety can hide its app icon and name, uses geofencing to change its behaviour by location, and keeps its services in an encrypted DEX file that is only decrypted at runtime. To frustrate analysis, the APK's ZIP container is manipulated so that entries are flagged as encrypted (analysis tools then prompt for a password that does not exist) and critical files are compressed with BZIP2, a method Android's APK parser and most tooling do not support, so parsing fails. Users are advised not to sideload apps, to keep Google Play Protect enabled and to consider installing a reputable antivirus.
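The two container tricks described above are visible in ZIP metadata alone, so they can be checked without executing anything. The following is an added example, not code from the original article or from the Konfety research: it walks an APK's central directory by hand, flags entries whose encryption bit is set (APKs are never password-protected), entries compressed with anything other than stored/deflate, and entries whose local header disagrees with the central directory. The sample archives are constructed in memory with Python's zipfile module; the file names and contents are illustrative, not taken from real malware.

```python
# Added example (not from the original article or the Konfety research): a small
# scanner for the two APK-container tricks described above, run on APKs built
# in memory with Python's zipfile so it needs no network or real malware.
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"          # end-of-central-directory record
CDIR_SIG = b"PK\x01\x02"          # central directory file header
EOCD_FMT = "<4sHHHHLLH"           # 22 bytes
CDIR_FMT = "<4sHHHHHHLLLHHHHHLL"  # 46 bytes, see APPNOTE.TXT section 4.3.12
FLAG_ENCRYPTED = 0x0001           # general-purpose bit 0: entry is password-protected
ANDROID_METHODS = {0, 8}          # Android's APK loader only handles stored and deflate
METHOD_NAMES = {0: "stored", 8: "deflate", 12: "bzip2", 14: "lzma"}


def _central_entries(data: bytes):
    """Walk the central directory by hand; yields (entry_offset, name, flags, method, local_header_offset)."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, total, _, cd_offset, _ = struct.unpack_from(EOCD_FMT, data, eocd)
    pos = cd_offset
    for _ in range(total):
        fields = struct.unpack_from(CDIR_FMT, data, pos)
        if fields[0] != CDIR_SIG:
            raise ValueError(f"bad central directory signature at offset {pos}")
        flags, method = fields[3], fields[4]
        name_len, extra_len, comment_len, local_off = fields[10], fields[11], fields[12], fields[16]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        yield pos, name, flags, method, local_off
        pos += 46 + name_len + extra_len + comment_len


def scan_apk(data: bytes) -> list[str]:
    """Return one finding per entry whose container metadata looks deliberately malformed."""
    findings = []
    for _, name, flags, method, local_off in _central_entries(data):
        # local file header layout: signature(4) version(2) flags(2) method(2) ...
        local_flags, local_method = struct.unpack_from("<HH", data, local_off + 6)
        if flags & FLAG_ENCRYPTED:
            findings.append(f"{name}: encryption flag set (APKs are never password-protected)")
        if method not in ANDROID_METHODS:
            findings.append(f"{name}: compression method {method} ({METHOD_NAMES.get(method, 'unknown')}) is not stored/deflate")
        if (local_flags, local_method) != (flags, method):
            findings.append(f"{name}: local header disagrees with central directory "
                            f"(flags {local_flags:#06x} vs {flags:#06x}, method {local_method} vs {method})")
    return findings


def python_zipfile_can_read(data: bytes, name: str) -> bool:
    """Whether the stock zipfile module hands the entry back; it refuses 'encrypted' members without a password."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            zf.read(name)
        return True
    except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
        return False


def build_sample(tamper: bool) -> bytes:
    """Constructed APK-like archive; with tamper=True it carries both evasion tricks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.example.app'/>", zipfile.ZIP_DEFLATED)
        dex_method = zipfile.ZIP_BZIP2 if tamper else zipfile.ZIP_DEFLATED
        zf.writestr("classes.dex", b"dex\n035\x00" + bytes(64), dex_method)
    data = bytearray(buf.getvalue())
    if tamper:
        # Flip the encryption bit on the manifest in the central directory only;
        # the local header still says "not encrypted", so tools that trust
        # different headers disagree about the same file.
        for pos, name, flags, _, _ in list(_central_entries(data)):
            if name == "AndroidManifest.xml":
                struct.pack_into("<H", data, pos + 8, flags | FLAG_ENCRYPTED)
    return bytes(data)


if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)), ("tampered", build_sample(True))):
        print(label, scan_apk(sample) or "no findings")
        print("  zipfile can read manifest:", python_zipfile_can_read(sample, "AndroidManifest.xml"))
```

The header-mismatch check matters as much as the other two: a parser that reads flags from the local header sees a normal file, one that reads the central directory sees an encrypted one, and an attacker only needs the tool that makes the allow/deny decision to be the one that gives up.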
Tech Optimizer
May 29, 2025
Every modern Windows PC ships with Microsoft Defender, the built-in antivirus. A tool called Defendnot disables it by tricking Windows into believing another antivirus is active: it uses an undocumented Windows Security Center API to register a counterfeit antivirus product, and Defender then switches itself off automatically, as it does for any registered third-party product, without notifying the user. Defendnot creates a scheduled task for persistence and lets the operator choose the name of the fake antivirus. It succeeds No-Defender, an earlier project that was removed after a copyright complaint. Because registering with Security Center requires administrative rights, it is a post-compromise defence-evasion tool rather than a way in, and Microsoft Defender currently detects Defendnot as a threat.
Tech Optimizer
April 12, 2025
The author has moved from third-party antivirus products to Windows Security, which is built into Windows 10 and 11, because it is effective and free. They stress keeping Windows Security updated and running regular scans for additional assurance, and single out its ransomware protection, in particular Controlled Folder Access, as essential. The Microsoft PC Manager app is recommended for tuning performance and security. The author argues that good security hygiene, such as treating unexpected emails with suspicion and enabling two-factor authentication, is enough to stay secure without third-party antivirus software.
Tech Optimizer
March 11, 2025
CTM360, a cybersecurity firm in Bahrain, has reported a new threat, the PlayPraetor trojan, which is distributed through malicious websites that imitate trusted sources such as the Google Play Store. Visitors to these counterfeit sites are offered what looks like a legitimate APK; once installed, the app requests extensive permissions, including access to accessibility services and SMS messages. PlayPraetor then operates as spyware, capturing keystrokes and clipboard contents, and scans the infected device for installed banking applications, sending the list to the attacker's server so that banking credentials can be targeted. The fraudulent links are typically spread via Meta Ads and SMS, so links from those sources deserve particular caution. Because the fake sites closely resemble the real ones, users should check the spelling of the domain and the full URL. Deceptive advertisements and messages lure users into clicking; anything that creates urgency or promises an unrealistic deal should be treated with scepticism. Excessive permission requests at install time are a red flag, above all a request for accessibility services, which lets an app read the screen and inject input and which a shopping or media app has no reason to need. It is recommended to use reputable mobile antivirus software, keep Google Play Protect enabled and avoid sideloading apps from unofficial sources.
AppWizard
February 25, 2025
URLCheck is an open-source Android application that intercepts links before they are opened so the user can inspect, modify or discard them. It integrates with the VirusTotal API to check a link's reputation, which requires a VirusTotal account and API key. It also removes tracking parameters and unnecessary redirects before a link is shared. To set it up, install URLCheck, select it as the default browser (so that links from other apps are routed through it) and enable the modules you want. URLCheck improves safety but does not guarantee it: it only intercepts links that an application hands off to a browser, so links clicked inside the browser itself must be passed to it through the share menu, and the final judgement on whether to follow a link still rests with the user.
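What "removing tracking tags and unnecessary redirects" means in practice is easiest to see on a concrete link. The following is an added example, not URLCheck's own code: it unwraps common redirector wrappers (bounded, so a self-referential link cannot loop) and strips tracking parameters, using only local string parsing so nothing is fetched. The parameter and redirect-key lists are illustrative assumptions, not URLCheck's configuration, and the sample links are constructed.

```python
# Added example (not URLCheck's own code): the two transformations the entry
# describes, unwrapping redirect wrappers and dropping tracking parameters,
# done purely by string parsing so nothing is fetched from the network.
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: illustrative lists, not URLCheck's real configuration.
TRACKING_PARAMS = {"fbclid", "gclid", "dclid", "msclkid", "mc_eid", "igshid", "yclid", "_hsenc", "_hsmi"}
TRACKING_PREFIXES = ("utm_",)
# Query keys that common redirectors use to carry the real destination.
REDIRECT_KEYS = ("url", "u", "q", "redirect", "target", "dest", "to")


def _redirect_target(url: str):
    """Return the http(s) URL carried in a redirect parameter, or None if there is none."""
    parts = urlsplit(url)
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in REDIRECT_KEYS and value.lower().startswith(("http://", "https://")):
            return value
    return None  # javascript:, intent:, data: and friends are deliberately not unwrapped


def _strip_tracking(url: str):
    """Drop tracking parameters from the query string; returns (cleaned_url, stripped_keys)."""
    parts = urlsplit(url)
    kept, stripped = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        k = key.lower()
        if k in TRACKING_PARAMS or k.startswith(TRACKING_PREFIXES):
            stripped.append(key)
        else:
            kept.append((key, value))
    cleaned = urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), parts.fragment))
    return cleaned, stripped


def clean_url(url: str, max_hops: int = 5) -> dict:
    """Unwrap nested redirectors (at most max_hops deep), then strip trackers from the final target."""
    hops = [url]
    for _ in range(max_hops):
        inner = _redirect_target(hops[-1])
        if inner is None:
            break
        hops.append(inner)
    final, stripped = _strip_tracking(hops[-1])
    return {"url": final, "hops": hops, "stripped": stripped}


if __name__ == "__main__":
    # Constructed sample: a Google redirector wrapping a link that carries UTM tags.
    sample = ("https://www.google.com/url?q=https%3A%2F%2Fexample.com%2Fpost%3Fid%3D7"
              "%26utm_source%3Dnews%26utm_medium%3Demail&sa=D")
    result = clean_url(sample)
    print("final  :", result["url"])
    print("hops   :", len(result["hops"]) - 1)
    print("removed:", result["stripped"])
```

Two design points carry over to any link-cleaning tool: only http(s) targets are ever unwrapped, so a wrapper carrying a javascript: or intent: payload is left alone rather than surfaced as a "real" destination, and the hop count is bounded, so a malicious link that points at itself cannot keep the cleaner busy.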