security tools Archives

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

Tech Optimizer

March 2, 2026

Is Bitdefender Antivirus Better Than McAfee? What Consumer Reports Data Says

Consumer Reports evaluates antivirus software, assigning ratings out of five across factors such as protection, ease of use, and data privacy, culminating in a score out of 100. Top contenders include Bitdefender, McAfee, Norton, Avira, and Avast. Bitdefender specializes in anti-malware protection and offers a free version, while McAfee is a full security suite with a subscription model. Bitdefender slightly outperforms McAfee in overall ratings, though both scored equally in six categories during lab tests. McAfee includes features like a firewall and password manager, which Bitdefender lacks. Consumer Reports also assessed Bitdefender's paid security suites, which include more features than the free antivirus version and outperform McAfee Total Protection in functionality. Bitdefender's suites include features like spam filters, parental controls, and banking protection, while Consumer Reports rates Bitdefender higher overall.

Tech Optimizer

February 24, 2026

Fake Zoom meeting “update” silently installs surveillance software

A deceptive website, uswebzoomus[.]com/zoom/, poses as a Zoom meeting platform and installs surveillance software on Windows devices without user consent. The software is a covert version of Teramind, a commercial monitoring tool. The site creates a fake Zoom waiting room experience, complete with scripted participants and background audio, to trick users into downloading a malicious file named zoomagentx64s-i(_941afee582cc71135202939296679e229dd7cced) (1).msi. This file is preconfigured to connect to an attacker-controlled Teramind server and operates in stealth mode, leaving minimal traces on the device. The installation process collects information about the device and is designed to evade detection by security tools. If users suspect they have been affected, they are advised not to open the downloaded file, check for its installation, and change passwords from a clean device.

Tech Optimizer

February 24, 2026

Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign

A cyber operation is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that leads to the installation of ValleyRAT, a remote access trojan. The malware employs various techniques to evade detection, including using an intermediary domain for downloads, creating Windows Defender exclusions, and establishing a scheduled task for persistence. The backdoor facilitates activities such as keylogging and credential access while disguising its operations within legitimate processes like rundll32.exe. Attribution points to the Silver Fox APT group, and there has been a significant increase in ValleyRAT samples documented in recent months. Security measures include ensuring software downloads are from the official site and monitoring for specific malicious activities.

Winsage

February 23, 2026

Windows 10 is vulnerable, but upgrading to Windows 11 Pro is only $13 right now

Microsoft is offering a promotional rate for Windows 11 Pro at .97, down from a previous price of 9, resulting in savings of 6.03. This offer is limited-time. Windows 11 Pro includes advanced security features like TPM 2.0, UEFI, BitLocker, and Smart App Control. It also provides a revamped user interface with a new desktop layout, redesigned Start menu, snap tools, virtual desktops, built-in Teams, and Widgets. Additionally, it features an AI assistant called Copilot for various tasks.

AppWizard

February 19, 2026

New backdoor found in Android tablets targeting users in Russia, Germany and Japan

Researchers from Kaspersky have discovered an Android backdoor named Keenadu, embedded in the firmware of devices, allowing it to infect tablets before they reach consumers. This malware, affecting over 13,700 users globally, primarily targets advertising fraud by hijacking browser search engines, monitoring app installations, and generating fraudulent revenue. Tablets from various manufacturers, including Alldocube, have been found compromised, with the malware likely inserted during the firmware build stage through a compromised supply chain. Keenadu has multiple variants, some hidden in applications, and employs evasion tactics based on device language settings and time zones. It cannot be removed using standard Android security tools, and users are advised to install clean firmware or replace their devices entirely.

Tech Optimizer

February 18, 2026

Fake Antivirus Program Threatens Android Phones and Steals Data – Jordan News | Latest News from Jordan, MENA

Cybersecurity experts have identified a malicious campaign targeting Android users through a counterfeit antivirus application called TrustBastion. This app serves as a vehicle for distributing malware that steals personal and banking information and provides attackers with remote access to infected devices. TrustBastion has been found on Hugging Face, complicating detection for users. The app masquerades as a legitimate security tool, prompting users to install a “necessary update” that contains malicious code. Once activated, the malware captures screenshots, displays fake login pages for financial services, and records sensitive information, which is sent to the hackers' servers. Attackers frequently re-upload modified versions of the app, maintaining its harmful functionality. Users are advised to download apps only from official stores, review ratings, and avoid untrusted APK files. Installing reputable antivirus solutions and activating Google Play Protect is recommended for enhanced security.

Tech Optimizer

February 16, 2026

Researchers Uncover OysterLoader, an Advanced Obfuscated Loader Powering Rhysida Attacks

OysterLoader, a sophisticated malware loader also known as Broomstick and CleanUp, has emerged as a significant threat since mid-2024. It is a multi-stage downloader linked to ransomware attacks and data theft, particularly associated with the Rhysida ransomware group. Written in C++, it infiltrates systems through malicious websites that impersonate legitimate software download platforms, tricking victims into executing a signed Microsoft Installer (MSI) that launches the malware. OysterLoader employs a four-stage infection chain designed to evade detection. The first stage uses a packer named TextShell to load hidden code into memory, creating an illusion of legitimacy through harmless Windows API calls. The second stage decompresses a concealed payload using a modified LZMA algorithm. The third stage functions as a downloader and environment tester, establishing contact with its command-and-control (C2) server via HTTPS. In the final stage, OysterLoader installs a malicious DLL that executes every 13 minutes through the Windows Task Scheduler, communicating with multiple hardcoded servers and transmitting critical system information. The malware uses customized Base64 encoding and variable communication endpoints to evade detection. Its primary objective is to ensure persistence and facilitate the delivery of additional payloads, including ransomware and credential stealers. Security analysts predict that OysterLoader will remain a formidable threat through 2026, particularly for organizations downloading administrative tools from unverified sources. Indicators of Compromise (IOC): - Mutex: h6p#dx!&fse?%AS! - Task: COPYING3 (rundll32 DllRegisterServer) - C2 Domain: grandideapay[.]com/api/v2/facade - RC4 Key: vpjNm4FDCr82AtUfhe39EG5JLwuZszKPyTcXWVMHYnRgBkSQqxzBfb6m75HZV3UyRY8vPxDna4WC2KMAgJjQqukrFdELXeGNSws9SBFXnYJ6ExMyu97KCebD5mTwaUj42NPAvHdkGhVtczWgfrZ3sLyRZg4HuX97AnQtK8xvpLU2CWDhVq5PEfjTNz36wdFasecBrkGSDApf83d6NMyaJCsvcRBq9ZYKthjuw5S27EVzWrPHgkmUxFL4bQSgMa4F - IP: 85.239.53.66

Winsage

February 16, 2026

Multiple Flaws Found in Microsoft Windows & Office — Could Let Hackers In

Microsoft has identified at least six zero-day vulnerabilities in Windows and Microsoft Office that were actively being exploited by hackers before patches were released. These vulnerabilities allow attackers to compromise systems with minimal user interaction, such as clicking on malicious links or opening compromised Office documents. Notable examples include a Windows Shell Security Bypass (CVE-2026-21510) and an Office File Exploit that can execute malicious code. The vulnerabilities pose serious risks, including active exploitation, remote code execution, and the potential for malware installation and credential theft. Microsoft has released security patches to address these vulnerabilities, and users are urged to install them immediately. The affected systems include all supported versions of Windows and Microsoft Office applications. Users are advised to install updates, be cautious with emails and links, enable security tools, and keep software up to date.

Tech Optimizer

February 11, 2026

Hackers Used Hugging Face to Distribute Android Banking Trojans

Cybersecurity researchers have identified a malware campaign that exploited Hugging Face's AI infrastructure to distribute Android banking trojans. The attackers used a deceptive app called TrustBastion, which tricked users into installing what appeared to be legitimate security software. Upon installation, the app redirected users to an encrypted endpoint that linked to Hugging Face repositories, allowing the malware to evade traditional security measures. The campaign generated new malware variants every 15 minutes, resulting in over 6,000 commits in about 29 days. It infected thousands of victims globally, particularly in regions with high smartphone banking usage but lower mobile security awareness. The operation is believed to be linked to an established cybercriminal group. Security experts warn that this incident highlights vulnerabilities in trusted platforms and calls for improved security measures, including behavioral analysis systems and verification of application authenticity. The incident has also sparked discussions about the need for enhanced security protocols for AI platforms.