Security Archives

AppWizard

April 7, 2026

Researchers find 50 ‘dangerous’ Android apps that are secretly hijacking phones: Who is at risk

Recent findings from McAfee have revealed a malware campaign named Operation NoVoice that has infiltrated over 50 applications on the Google Play Store, which collectively received over 2.3 million downloads before being removed. The malware uses a rootkit attack strategy to gain administrator-level control of Android devices while remaining undetected. Affected apps appeared benign, performing tasks like cleaning files or managing photos, but were secretly communicating with a remote server to send device information. This allowed attackers to deploy custom exploit code, achieving root-level access and posing significant security risks. The malware persists even after factory resets, potentially requiring firmware reinstallation for complete removal. Users with older or unpatched Android versions are at greater risk, as well as anyone who downloaded the compromised apps.

AppWizard

April 7, 2026

Apple removes Jack Dorsey’s P2P messenger Bitchat from China App Store

Apple has removed Jack Dorsey's decentralized peer-to-peer messaging service, Bitchat, from its China App Store following a request from the Cyberspace Administration of China (CAC). The app's beta version was also suspended in the region. Dorsey confirmed that Bitchat was removed in February, and Apple stated that all apps must comply with local laws and regulations. The CAC noted that Bitchat violated regulations requiring online services that can influence public opinion to undergo a security assessment. Bitchat remains available in other countries, with over 3 million downloads on Chrome and more than 1 million on Google Play.

AppWizard

April 6, 2026

Dangerous “NoVoice” malware found in over 50 Play Store apps that were installed 2.3 million times

A new malware threat called "NoVoice" has been found in over 50 applications on the Google Play Store, with 2.3 million installations on Android devices. Discovered by McAfee, this malware is hidden in seemingly harmless apps like system cleaners, games, and image galleries. It exploits Android vulnerabilities to gain root access, potentially allowing attackers to steal sensitive information and manipulate applications without user consent. In some cases, it may persist even after a factory reset. Google has stated that Android devices updated since May 2021 are protected against this threat and that Google Play Protect actively removes malicious apps and blocks new installations. The malware was not able to infect devices in Beijing and Shenzhen, suggesting the attackers may be avoiding local law enforcement. One identified app carrying the NoVoice payload is SwiftClean, developed by Biodun Popoola. The malware operates using a silent audio file, executing its code without user detection. Users are advised to download apps only from the Google Play Store and keep their devices updated.

Winsage

April 6, 2026

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

Exploit code for a Windows privilege escalation vulnerability, named BlueHammer, has been released, allowing attackers to gain SYSTEM or elevated administrator permissions. This zero-day vulnerability was disclosed by a researcher, Chaotic Eclipse, who expressed frustration with Microsoft's handling of the issue. The exploit combines a time-of-check to time-of-use (TOCTOU) issue with path confusion, granting local attackers access to the Security Account Manager (SAM) database, which contains password hashes for local accounts. While the exploit is confirmed to work, it has been found unsuccessful on Windows Server due to bugs that hinder its effectiveness. Attackers can gain local access through various means, raising significant security risks. Microsoft has not yet responded to inquiries about the BlueHammer flaw.

Winsage

April 6, 2026

Why Microsoft is forcing Windows 11 25H2 update on all eligible PCs

Microsoft has announced that eligible Windows 11 PCs currently on the 24H2 version will be automatically upgraded to the 25H2 edition, with no user action required, although users can temporarily postpone the update. The eligibility assessment for the update uses machine learning, considering factors such as testing results, user feedback, and diagnostic data. The update is mandatory for individual users of Windows 11 Home or Pro editions, as support for 24H2 will expire on October 13, ending security patches for that version. IT-managed computers are excluded from this automatic update. Users can check for eligibility by navigating to Settings and selecting Windows Update. The 25H2 update is designed to be more compact and efficient, updating only necessary files and sharing the same code base as 24H2, which improves stability and reliability. To check the current version of Windows 11, users can go to Settings, select System, and click on About.

Tech Optimizer

April 6, 2026

Scammers Want Our Data, Yet CNET Finds Many of Us Aren’t Protecting Our Devices

- 78% of US adults currently own a personal laptop, with HP (32%) and Apple (26%) being the most popular brands. - 54% of laptop owners have encountered potential malware on their devices in the past year. - 88% of those who reported seeing potential malware took action, while 12% did not respond. - 68% of proactive laptop owners either deleted the suspicious file or closed the website or pop-up. - 37% of laptop owners received phishing emails in the past year. - Many modern devices come equipped with built-in antivirus solutions, such as Microsoft Defender for Windows 11 and XProtect for Mac users. - 60% of users who acted upon encountering potential malware manually deleted files or closed suspicious websites, while 35% initiated antivirus scans. - Antivirus software alone cannot safeguard against data breaches or identity theft; a comprehensive cybersecurity strategy involves various tools and practices. - Recommended tools for online security include Bitdefender for antivirus, Aura for identity theft protection, Bitwarden for password management, and ExpressVPN for VPN services.

AppWizard

April 6, 2026

China Blocked Jack Dorsey’s Decentralized Messenger bitchat

Chinese authorities have ordered the removal of Jack Dorsey’s decentralized messaging app, bitchat, from the local App Store due to concerns about its potential to disrupt information control during civil unrest. Apple complied by removing both the main and beta versions of the app. The app remains accessible outside of China. Dorsey stated that the removal reflects bitchat's influence on public discourse. The Chinese regulator cited violations of regulations that require online services capable of swaying public opinion to undergo security reviews before launch. Bitchat operates independently of traditional internet infrastructure using Bluetooth and mesh networking technology, making it resistant to censorship. It has gained attention in regions with internet restrictions and was introduced in July 2025. Bitchat has over 3 million downloads, with more than 92,000 in the past week and over 1 million installs on Google Play. Additionally, Block, the parent company, recently reduced its workforce by about 40%, equating to around 4,000 employees, due to AI implementation and process optimization.

Winsage

April 6, 2026

ResokerRAT Hijacks Telegram API to Command Infected Windows PCs

A newly discovered Windows malware called ResokerRAT uses Telegram’s Bot API for its command-and-control operations, allowing it to monitor and manipulate infected systems without a conventional server. It obscures its communications by integrating with legitimate Telegram traffic, complicating detection. Upon execution, it creates a mutex to ensure only one instance runs and checks for debuggers to avoid analysis. It attempts to relaunch with elevated privileges and logs failures to its operator. ResokerRAT terminates known monitoring tools and installs a global keyboard hook to obstruct defensive key combinations. It operates through text-based commands sent via Telegram, allowing it to check processes, take screenshots, and modify system settings to evade detection. Persistence is achieved by adding itself to startup and altering UAC settings. The malware retrieves additional payloads from specified URLs and uses URL-encoded data for communication. Researchers have confirmed its Telegram traffic, and its behavior aligns with various MITRE ATT&CK techniques. Security teams are advised to monitor for unusual Telegram traffic and scrutinize registry keys related to startup and UAC.

AppWizard

April 6, 2026

Samsung’s Messages app is shutting down in 2026: Here’s what you need to do

Samsung will discontinue its Messages app in July 2026, requiring users to switch to Google Messages. After the shutdown, Samsung Messages will only send texts to emergency contacts and services. Users will receive in-app prompts to switch and can easily set Google Messages as the default. Devices running Android 11 or lower will remain unaffected. This follows Samsung's 2024 decision to stop pre-installing its Messages app on flagship Galaxy devices. The transition emphasizes the benefits of Google Messages, including enhanced security, support for Rich Communication Services (RCS), and improved multi-device connectivity.

AppWizard

April 6, 2026

China orders Apple to pull Dorsey’s Bitchat, the messaging app used during Iran protests

Apple has removed the decentralized peer-to-peer messaging application Bitchat from its China App Store due to violations of regulations set by the Cyberspace Administration of China, which requires security assessments for apps that can influence public opinion or facilitate social mobilization. Bitchat operates over Bluetooth and mesh networks, making it resistant to traditional government internet shutdowns. The app has over three million downloads across various platforms, with more than 92,000 downloads in the past week and over one million registered downloads on the Google Play Store.