security solutions Archives

AppWizard

December 2, 2025

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

A new Android malware named Albiriox has emerged, marketed as malware-as-a-service (MaaS). It features a hard-coded list of over 400 applications, including banking and cryptocurrency platforms, and is distributed through social engineering tactics using dropper applications. Initially advertised in late September 2025, it became a full MaaS offering by October, with Russian-speaking threat actors behind its development. Albiriox allows remote control of compromised devices via an unencrypted TCP socket connection and Virtual Network Computing (VNC), enabling attackers to extract sensitive information and perform overlay attacks for credential theft. One campaign targeted victims in Austria using German-language lures and counterfeit Google Play Store listings. Albiriox also utilizes Android's accessibility services to bypass security measures and employs a novel distribution strategy involving a counterfeit website that collects phone numbers. Additionally, another Android MaaS tool, RadzaRat, was introduced, masquerading as a file management utility while offering extensive surveillance and remote control capabilities. RadzaRat can log keystrokes and maintain persistence through specific permissions, highlighting a trend in the availability of sophisticated cybercrime tools.

Tech Optimizer

December 2, 2025

Surfshark One Antivirus Down 88% in Cyber Monday Sale

Surfshark is offering its Surfshark One Antivirus plan for .19 per month over a 27-month period, which is an 88% discount from the regular rate. The total cost for this plan amounts to approximately . This bundle includes real-time antivirus scanning, a VPN, breach alerts, and a private search tool. The deal is particularly beneficial for holiday shoppers, as cybercriminal activity increases during this time. The plan is advantageous for frequent travelers, families, and students.

Tech Optimizer

November 24, 2025

Computer Security for Consumer Market Size Reache at US$ 56.06 billion by 2031 | NortonLifeLock, Fortinet, McAfee, Avast

The global Computer Security for Consumer market is projected to grow from an estimated value of US$ 31.23 billion in 2024 to approximately US$ 56.06 billion by 2031, with a compound annual growth rate (CAGR) of 8.9% from 2025 to 2031. Key drivers include the surge in cybersecurity threats and increased reliance on digital technologies. Major players like NortonLifeLock, Fortinet, McAfee, Avast, and Trend Micro hold over 25% of the market share, with North America contributing over 40% of consumer revenue. Antivirus software accounts for over 35% of consumer revenue, while there is a shift towards comprehensive security suites. Future trends indicate growth in AI-powered threat detection and demand for privacy-centric solutions. The market is segmented by type (Network Security, Identity Theft, Endpoint Security, Computer Virus, Others) and application (Traditional Terminal Device Security, IoT Security). The report includes a geographic assessment of regions such as North America, Europe, Asia-Pacific, and Latin America.

Winsage

November 22, 2025

Data Doctors: Beware fake Windows Defender alerts

Microsoft's Windows Defender has vulnerabilities that can be exploited by cybercriminals, including a method to remotely disable it using a trusted Windows driver. There has been an increase in counterfeit "Windows Defender" pop-ups that prompt users to call a phone number, connecting them to scammers. These pop-ups do not originate from Microsoft and are often triggered by compromised websites or malicious ads. Scammers use these alerts to gain remote access to victims' computers under the pretense of fixing non-existent issues, often charging for fraudulent services or installing malware. Windows Defender struggles against advanced threats, lacks deeper monitoring capabilities, and is a prime target for attackers due to its widespread use. A multi-faceted security approach, including third-party solutions like Trend Micro, is recommended to address these gaps and enhance protection. Additionally, maintaining smart security habits, such as updating software and using strong passwords, is crucial for overall system security.

Tech Optimizer

November 18, 2025

SilentButDeadly: New Tool Blocks Network Traffic to Bypass EDR and Antivirus

A newly released open-source tool called SilentButDeadly, developed by Ryan Framiñán and launched on November 2, 2025, can disable Endpoint Detection and Response (EDR) systems and antivirus software without terminating processes. It exploits the Windows Filtering Platform to sever cloud connectivity for security products, leaving systems vulnerable to attacks. SilentButDeadly operates through a seven-phase execution sequence, starting with verifying administrator privileges, then scanning for active EDR processes like SentinelOne and Windows Defender. It establishes network filters that block communications for these security applications, preventing them from receiving updates or transmitting telemetry data. The tool also attempts to disable EDR services by changing their startup types. SilentButDeadly features dynamic, self-cleaning filters and builds on techniques from EDRSilencer, introducing enhanced operational safety. Organizations using cloud-based threat detection face risks when their security solutions lose connectivity. Security teams are advised to monitor Windows event logs for specific filter creation events and implement real-time monitoring and redundant communication channels for EDR telemetry.

Tech Optimizer

November 17, 2025

SilentButDeadly – A Network Communication Blocker That Neutralizes EDR and AV Tools

A new endpoint detection and response (EDR) evasion technique called SilentButDeadly has been identified, which exploits vulnerabilities in security software by using a network communication blocker that leverages the Windows Filtering Platform (WFP). This technique disrupts EDR and antivirus solutions' cloud connectivity without terminating processes or manipulating the kernel. SilentButDeadly operates through a seven-phase execution sequence, starting with verifying administrator privileges and discovering EDR solutions like SentinelOne and Windows Defender. It establishes dynamic WFP sessions with high-priority filtering rules to block outbound telemetry and inbound command-and-control communications, preventing EDR solutions from receiving updates and executing remote management commands. Additionally, it attempts to disable EDR services, hindering automatic restarts and background monitoring. This technique highlights a significant architectural vulnerability in EDR systems that rely on network connectivity. To mitigate this threat, security teams can monitor Windows event logs for specific Event IDs related to WFP filter creation and implement real-time monitoring and redundant communication channels. SilentButDeadly requires administrator privileges and is ineffective against EDR solutions protected by kernel-level network drivers.

Tech Optimizer

November 15, 2025

RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools

A new malware called RONINGLOADER specifically targets Chinese users and can disable security tools. It operates as a multi-stage loader that spreads a modified version of gh0st RAT and bypasses antivirus protections. RONINGLOADER infiltrates systems through fake software installers that mimic legitimate applications like Google Chrome and Microsoft Teams. Once inside, it disables Windows Defender and Chinese security solutions such as Qihoo 360 Total Security and Huorong. The malware uses a signed driver that appears legitimate to Windows but is designed to terminate security processes. If one method of disabling security fails, RONINGLOADER has multiple fallback strategies. The Dragon Breath APT group is behind this campaign, having refined their techniques based on previous operations. The infection begins with a trojanized NSIS installer that drops components onto the victim's system. One installer deploys genuine software, while the other initiates the attack chain. RONINGLOADER creates a directory at C:Program FilesSnieoatwtregoable and deposits two files: Snieoatwtregoable.dll and an encrypted file named tp.png. The DLL decrypts tp.png using XOR encryption and a rotation operation, then loads new system libraries to eliminate security hooks. It elevates privileges using the runas command and scans for active security software, specifically targeting Microsoft Defender, Kingsoft Internet Security, Tencent PC Manager, and Qihoo 360 Total Security. To terminate these processes, it uses a signed driver named ollama.sys, which is digitally signed by Kunming Wuqi E-commerce Co., Ltd. This driver can terminate processes using kernel-level APIs that standard security tools cannot intercept. Additionally, RONINGLOADER blocks network connections for Qihoo 360 before injecting code into the Volume Shadow Copy service process, utilizing Windows thread pools with file write triggers to evade detection.

Tech Optimizer

November 13, 2025

Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have discovered an attack campaign that uses legitimate Remote Monitoring and Management (RMM) tools, specifically LogMeIn Resolve and PDQ Connect, to deploy backdoor malware on users' systems. Attackers lure victims to fake download sites that mimic legitimate software pages for utilities like Notepad++, 7-Zip, and VLC Media Player, delivering modified versions of LogMeIn Resolve. The malicious installers are disguised with filenames such as "notepad++.exe" and "chatgpt.exe." Once executed, these files install the RMM tool and additional malware capable of stealing sensitive information. ASEC has identified three CompanyId values associated with the attacks: 8347338797131280000, 1995653637248070000, and 4586548334491120000. The malware, known as PatoRAT, is a Delphi-developed backdoor that gathers system information and has extensive malicious capabilities, including keylogging and remote desktop access. Users are advised to download software only from official websites and verify digital signatures, while organizations should monitor for unauthorized RMM installations and the identified indicators of compromise.

Tech Optimizer

November 13, 2025

New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

Security researchers have identified a malware campaign using the ClickFix social engineering technique to spread information-stealing malware on Windows and macOS. The campaign targets users searching for cracked software, leading them to malicious Google-hosted landing pages. Victims encounter fake security warnings that prompt them to execute a malicious command, resulting in the installation of infostealer malware. Windows users receive the ACR stealer, while macOS users get the Odyssey stealer, both delivered in password-protected ZIP files. ACR also loads additional malware like SharkClipper, which hijacks cryptocurrency clipboard data. The campaign has seen a 700% increase in ACR logs in May 2025, with ClickFix becoming the most common initial access method, accounting for 47% of all initial access schemes. The malware collects various user data, including passwords and cryptocurrency wallets, and operates in a fileless manner to evade detection. Security experts advise against executing unverified commands and recommend enhancing endpoint detection capabilities to combat these threats.

Tech Optimizer

November 7, 2025

Malwarebytes scores 100% in AV Comparatives Stalkerware Test 2025

The AV-Comparatives Stalkerware Test 2025 evaluated 13 Android security solutions against 17 stalkerware-type applications. The test revealed that stalkerware remains a significant threat, often installed covertly and designed to evade detection. Malwarebytes achieved a perfect 100% detection rate, while Bitdefender, ESET, Kaspersky, and McAfee each detected 94%. Avast, Avira, and F-Secure identified 88%, Norton and Sophos around 82%, and G Data (65%), Google (53%), and Trend Micro (59%) had lower detection rates. The evaluation emphasized the importance of clear communication of threats to potential victims. Malwarebytes' involvement in the Coalition Against Stalkerware highlights its commitment to user safety and effective detection of stalkerware.