social engineering Archives

Winsage

March 6, 2026

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft revealed a social engineering campaign named ClickFix that exploits the Windows Terminal application to deploy Lumma Stealer malware. Detected in February 2026, this campaign instructs users to access Windows Terminal using the Windows + X → I shortcut, enhancing its perceived legitimacy. Attackers evade detection by manipulating users into executing harmful commands through deceptive prompts. The attack chain involves pasting a hex-encoded command into Windows Terminal, which opens additional Terminal and PowerShell instances, leading to a PowerShell process that decodes a script. This process downloads a ZIP payload containing a renamed 7-Zip binary, which extracts files and initiates a multi-stage attack, including retrieving payloads, establishing persistence, configuring Microsoft Defender exclusions, exfiltrating data, and deploying Lumma Stealer by injecting it into "chrome.exe" and "msedge.exe." Lumma Stealer targets browser artifacts to harvest credentials. A secondary attack pathway involves downloading a batch script that writes a Visual Basic Script to the Temp folder and connects to Crypto Blockchain RPC endpoints, also using QueueUserAPC() for code injection into browsers to extract data.

Tech Optimizer

February 27, 2026

Fake Avast Website Steals Users’ Credit Card Information

A phishing scam is targeting French-speaking users in Europe by impersonating Avast antivirus software. Victims are lured to a fraudulent website that mimics Avast's official portal, where they are tricked into providing credit card details due to a fabricated €499.99 charge and promises of a refund. The scam uses realistic branding, dynamic JavaScript for urgency, and live chat features to collect personal information. Users are asked to select refund reasons and submit their personal details, after which they are prompted for credit card information. The scam employs the Luhn algorithm to validate card numbers and displays a fake confirmation message after data submission. Key red flags include dynamic dates, tight deadlines, requests for full card re-entry, and suspicious live chat interactions. Avast has warned users about these scams and encourages reporting to authorities.

AppWizard

February 20, 2026

Google banned 80,000 developer accounts, blocked 27 million dangerous apps from outside Google Play and more: How Google kept Android users safe in 2025 – The Times of India

Google's annual review highlighted its security measures for Android and Google Play, reporting that in 2025, it prevented over 1.75 million policy-violating apps from being published and banned more than 80,000 developer accounts. Google Play conducted over 10,000 safety checks on every app, blocked 160 million spam ratings, and Google Play Protect scanned over 350 billion Android apps daily. New fraud protection features were introduced, blocking 266 million risky installations and protecting users from 872,000 high-risk applications. Developer tools were enhanced with Play Policy Insights and expanded pre-review checks, while the Play Integrity API conducted over 20 billion checks daily. Google plans to invest further in AI-driven defenses and implement developer verifications in 2026.

AppWizard

February 20, 2026

Google cleans house, bans 80,000 developer accounts from the Play Store

Google blocked the publication of over 1.75 million policy-violating applications on its Google Play platform in 2025 and took action against over 80,000 developer accounts attempting to introduce harmful apps. The company conducted more than 10,000 safety checks on every app and integrated generative AI models into its app review process, preventing over 255,000 apps from gaining excessive access to sensitive user data. Google blocked 160 million fake or manipulated ratings and reviews in the previous year and identified more than 27 million new malicious apps from outside Google Play, thwarting 266 million risky installation attempts in 2025. Google introduced in-call scam protection to prevent users from disabling Google Play Protect during phone calls. The Play Policy Insights tool provides developers with real-time feedback, and the Play Integrity API performs over 20 billion daily checks to prevent abuse. Google plans to extend developer verification to all developers and has implemented protections for sensitive data in Android 16.

AppWizard

February 20, 2026

Keeping Google Play & Android app ecosystems safe in 2025

The Android ecosystem focuses on preventing real-world harm, including malware and privacy invasions, by enhancing investments in AI and real-time defenses. In 2025, over 1.75 million policy-violating apps were prevented from being published, and more than 80,000 malicious developer accounts were banned. Google Play conducts over 10,000 safety checks on each app, blocking over 255,000 apps from accessing sensitive user data and 160 million spam ratings and reviews. Google Play Protect scans over 350 billion apps daily, identifying over 27 million new malicious apps last year. Enhanced fraud protection was expanded to 185 markets, blocking 266 million risky installation attempts. Developer tools like Play Policy Insights and the Play Integrity API were introduced to streamline app development and enhance security. Developer verification is being extended to ensure accountability, and Android 16 includes features to protect sensitive information with minimal code.

AppWizard

February 19, 2026

Android security gets aggressive as Google bans thousands of developers and millions of sketchy apps

Google has reported significant improvements in app security for Android in 2025, preventing over 1.75 million policy-violating apps from entering the Play Store and removing more than 80,000 developer accounts attempting to distribute malware. The integration of AI models into the app review process has enhanced the speed and accuracy of identifying malicious patterns. Additionally, Google blocked over 255,000 apps from requesting unnecessary sensitive data and eliminated 160 million spam ratings and reviews. Google Play Protect now evaluates over 350 billion apps daily, identifying 27 million new malicious apps outside the Play Store and blocking 266 million risky installation attempts across 185 markets. A new measure has been implemented to prevent users from disabling Play Protect during phone calls to combat social engineering tactics. Future plans include democratizing developer verification and simplifying protection against "tapjacking" attacks in Android 16.

Winsage

February 16, 2026

Multiple Flaws Found in Microsoft Windows & Office — Could Let Hackers In

Microsoft has identified at least six zero-day vulnerabilities in Windows and Microsoft Office that were actively being exploited by hackers before patches were released. These vulnerabilities allow attackers to compromise systems with minimal user interaction, such as clicking on malicious links or opening compromised Office documents. Notable examples include a Windows Shell Security Bypass (CVE-2026-21510) and an Office File Exploit that can execute malicious code. The vulnerabilities pose serious risks, including active exploitation, remote code execution, and the potential for malware installation and credential theft. Microsoft has released security patches to address these vulnerabilities, and users are urged to install them immediately. The affected systems include all supported versions of Windows and Microsoft Office applications. Users are advised to install updates, be cautious with emails and links, enable security tools, and keep software up to date.

Winsage

February 14, 2026

Microsoft Fixes Critical Windows 11 Notepad Flaw

Microsoft has released a patch for a significant vulnerability in Notepad on Windows 11 that could allow attackers to execute code by opening a Markdown file and clicking on a malicious link. This vulnerability was due to how Notepad processed links within Markdown files, which could trigger unverified protocols to load remote content. The patch now includes a security warning before such links can be activated. Users are advised to check for updates via Windows Update and the Microsoft Store to ensure Notepad and related components are up to date. Security tips include inspecting URLs before clicking and keeping Microsoft Defender features enabled.

Tech Optimizer

January 28, 2026

Top Android Antivirus Apps for 2026: Reviews and Key Features

Android users face increasing cyber threats as we approach 2026, with AI-driven malware and ransomware becoming more prevalent. The antivirus market has evolved to include advanced features like real-time threat intelligence and integrated privacy tools. Norton Mobile Security is noted for its machine learning-powered malware detection, VPN, app advisor, and dark web monitoring, achieving a 99.9% detection rate. TotalAV offers user-friendly antivirus scanning and system optimization, with features like real-time phishing protection and cloud-based scanning. Aura Antivirus combines antivirus with identity theft protection and family safety features, excelling in AI-driven behavioral analysis. Bitdefender Mobile Security is recognized for its lightweight design, anti-theft features, and effective web protection. McAfee Mobile Security provides secure Wi-Fi scanning and IoT integration, with high user satisfaction reported. Norton leads in predictive analytics, while TotalAV includes a VPN for remote workers. Aura offers family-oriented tools and compliance-friendly features, incorporating blockchain technology for secure identity verification. Bitdefender is efficient in battery usage and has a high detection rate. McAfee supports multi-device protection and has strong customer support. Norton’s dark web monitoring helps prevent identity theft, and TotalAV blocks trackers and ads. Aura links antivirus protection to financial security with credit monitoring. Bitdefender automates threat responses and has a strong anti-ransomware module. McAfee scans for vulnerabilities in smart devices and provides threat intelligence feeds. Future developments may include quantum-resistant encryption. TotalAV is praised for its user interface, while Aura encourages user feedback for improvements. Bitdefender uses machine learning to reduce false positives, and McAfee employs predictive modeling for personalized security. Organizations must evaluate antivirus solutions based on integration with existing security frameworks, cost, and performance impact. Emerging trends include biometric authentication and deeper hardware-level security protections.

AppWizard

January 26, 2026

Google to Make Sideloading Android Apps a High-Friction Process

Google is enhancing the safety of Android users by complicating the process of sideloading applications to reduce security threats. This change aims to inform users about the dangers of installing unverified applications, as criminals often exploit sideloading through social engineering tactics. Last year, Google introduced new developer verification requirements and a revised installation flow to highlight these risks. The new process is designed to resist coercion, ensuring users are not misled into bypassing safety measures. Advanced users will still have the option to sideload apps but through a more challenging process. Additionally, a survey by Bitdefender indicates that while smartphones are commonly used for transactions, many users lack an understanding of their vulnerabilities, leading to increased risks from cybercriminals.