social engineering tactics Archives

AppWizard

June 10, 2026

France’s Government Messaging App Tchap Got Breached

On June 7, 2026, Tchap, the French government's encrypted messaging platform for civil servants, experienced a significant breach detected by ANSSI. The breach resulted from a compromised user account and involved the education shard of Tchap, specifically targeting matrix.agent.education.tchap.gouv.fr. Approximately 650,000 messages, data from over 73,000 accounts, and about 13.5GB of documents and media files were allegedly scraped. The attacker also claimed to have discovered hardcoded LDAP credentials leaked through a PowerShell script shared by a regional director of the French tax authority. DINUM, the French Digital Affairs Directorate, stated that private conversations on Tchap are end-to-end encrypted and that the compromised account has been blocked. They notified CNIL about the potential exposure of personal data and reminded users to avoid sharing sensitive information in public chat rooms. The breach follows a mandate from Prime Minister François Bayrou in August 2025 requiring all civil servants to use Tchap, increasing its attractiveness as a target for cyber threats. The investigation into the breach is ongoing.

AppWizard

June 3, 2026

Fake ‘Minecraft’ Mods Bring Malware to as Many as 116,000 Players

The "Minecraft" community is facing a cybersecurity threat from a malware operation called WeedHack, which disguises itself as fake mods to lure players into downloading it. This operation, run by a teenager, has affected over 116,000 players and uses social engineering tactics to distribute malicious mods, cheats, and clients. WeedHack spreads through trusted channels, including YouTube, and employs search engine optimization poisoning to mislead users. The malware operates by disseminating malicious Java Archive files that appear legitimate, compromising devices to extract sensitive information such as session IDs, browser cookies, and cryptocurrency wallet data. It can also steal credentials for applications like Discord, Steam, and Telegram, and includes remote control features for surveillance and keylogging. Approximately 2,000 new infections occur daily, primarily affecting users in the United States, Germany, India, the United Kingdom, and Italy. The low cost of access to this malware has led to its use by teenagers for online bullying and harassment.

Winsage

May 27, 2026

Windows Users Targeted in New Phishing Campaign

Research from FortiGuard Labs has identified a phishing campaign that disguises itself as purchase orders, prompting recipients to open harmful attachments. The campaign begins with a phishing email containing a malicious JavaScript file. When executed, this JavaScript decrypts and runs a PowerShell script that uses process hollowing to inject a .NET downloader module into the trusted Windows process MsBuild.exe. This downloader connects to a remote command and control (C2) server to download and execute additional modules, allowing the attacker to alter the malware's behavior after the initial compromise. The campaign poses significant detection challenges for Windows users due to its use of multiple encryption layers, fileless execution techniques, and process hollowing strategies. Security experts emphasize the need for organizations to enhance their detection capabilities beyond traditional methods, focusing on identifying suspicious activity across various devices and applications. The phishing attack exploits social engineering tactics and blends malicious actions with legitimate administrative tools, complicating detection efforts. Additionally, the human element plays a crucial role in breaches, highlighting the importance of effective communication and collaboration between security teams and other departments to improve security awareness and behavior.

Tech Optimizer

May 27, 2026

WHAT THE TECH? Smartphone anti-virus

Antivirus software is not a necessity for most smartphone users, as the nature of threats has evolved. iPhones isolate apps from the core system, making traditional antivirus scans ineffective; threats mainly come from scams like phishing links and deceptive messages. Android devices allow sideloading, increasing the risk of malware from unofficial sources. The primary dangers for users include phishing texts, fake login pages, scam calls, and social engineering tactics. To enhance security, users should keep their operating systems updated, use strong passwords, enable two-factor authentication, avoid suspicious links, and refrain from installing apps from unknown sources. Antivirus apps may be beneficial in specific situations, such as frequent link clicking or downloading from unfamiliar sites, with reputable options available for added protection against scams and unsafe websites.

Tech Optimizer

May 27, 2026

NordVPN combines VPN and ‘next-generation antivirus’ into one app

NordVPN is merging its VPN and antivirus protections into a single application, rebranding its Threat Protection Pro as "next-generation antivirus." The app is structured around three pillars: VPN, antivirus, and additional features like Dark Web Monitoring. It aims to address modern threats such as phishing and identity theft by intercepting threats in real time. The revamped Threat Protection Pro includes scam and phishing protection, malware protection, ad and tracker blocking, identity and account takeover protection, and file and device protection. This service is part of NordVPN Plus plans and higher, with basic plans offering Threat Protection Lite and essential Dark Web Monitoring. The NordVPN Complete plan includes enhanced features like Dark Web Monitor Pro and Scam Call protection, while NordVPN Prime offers all features along with identity theft protection through Coveron. The company's security strategy emphasizes minimal data collection to avoid becoming a surveillance product, using machine learning for threat detection.

Tech Optimizer

May 25, 2026

What The Tech: Is an anti-virus software needed for smartphones?

Most smartphone users do not require antivirus applications, as the primary threats are scams rather than traditional viruses. iPhones have a secure operating system that limits antivirus functionality, focusing on scams like deceptive texts and phishing links. Android devices allow sideloading, increasing the risk of malware from unofficial sources. Best practices for smartphone safety include downloading apps from official stores, using trusted developers, avoiding dubious links, keeping the operating system updated, using strong passwords, enabling two-factor authentication, and refraining from installing apps from unknown sources. Antivirus apps may be beneficial for users who frequently click on links, download files from unfamiliar websites, install many applications, engage in Android sideloading, or seek additional protection against scams. Reputable security apps prioritize scam detection and unsafe website identification over traditional virus scanning.

Tech Optimizer

May 22, 2026

What the Tech: Phone antivirus apps |Helpful protection or a scam?

Most individuals do not require antivirus apps on their smartphones, as the primary threats have shifted from traditional viruses to scams and deceptive practices. iPhones utilize app isolation, making them less susceptible to conventional viruses but vulnerable to scams like phishing and fraudulent messages. Android phones allow sideloading, increasing the risk of malware from unofficial sources. The main threats include phishing texts, fake login pages, scam calls, reused passwords, and social engineering tactics. To enhance security, users should keep their phones updated, use strong passwords, enable two-factor authentication, avoid suspicious links, and refrain from installing apps from unknown sources. Antivirus apps may be helpful in specific situations, such as frequent link tapping or downloading files from unfamiliar websites, with reputable companies offering mobile security solutions focused on scam detection and account safety.

Tech Optimizer

May 21, 2026

What the Tech? Antivirus protection for your smartphone

Most users do not require an antivirus app on their smartphones, as the predominant threats are scams such as phishing texts and fraudulent websites rather than traditional viruses. iPhones operate on a design that isolates apps, limiting the effectiveness of antivirus software, while Android devices allow sideloading, which can increase the risk of malware. The real danger lies in deception tactics used by cybercriminals, making personal account security more important than antivirus software. To enhance security, users should keep their operating systems updated, use strong passwords, enable two-factor authentication, avoid suspicious links, and refrain from installing apps from unknown sources. Antivirus apps may be beneficial for users who frequently click on unverified links, download files from unfamiliar sites, or engage in Android sideloading. Reputable security apps focus on scam detection and web protection rather than traditional virus scanning.

AppWizard

April 30, 2026

Minecraft Players Targeted by LofyStealer Using Node.js Loader and In-Memory Browser Injection

A new infostealer malware called LofyStealer is targeting the gaming community, particularly Minecraft players, by disguising itself as a cheat tool named “Slinky.” It employs a two-stage attack to extract sensitive information from eight major web browsers, including Chrome and Firefox, while evading detection by security software. The malware siphons off cookies, saved passwords, payment card information, and session tokens. Researchers at Zenox.ai identified LofyStealer, linking it to the Brazilian cybercrime group LofyGang, which has been active since October 2022. The malware uses social engineering tactics to appear legitimate and operates as a Malware-as-a-Service platform, offering both Free and Premium tiers to buyers. Its technical sophistication is evident in its method of in-memory browser injection, which allows it to bypass security defenses. The stolen data is compressed and sent to a command-and-control server. Users are advised to avoid downloading unofficial game mods and enable multi-factor authentication to reduce the risk of credential theft. Security teams should monitor for specific behavioral indicators related to the malware's operations.

AppWizard

April 21, 2026

New NGate Android malware variant uses NFC app to steal card data

A new variant of the NGate Android malware exploits a legitimate NFC payment app, HandyPay, to steal users' card information and PINs, enabling unauthorized contactless transactions. This malicious version of HandyPay, which has been available since 2021, was identified by ESET researchers and is distributed through a fraudulent lottery website and a fake Google Play page. The malware captures sensitive information by prompting users to enter their payment card PIN and tap their card against the device, sending the data to an attacker-controlled phone and exfiltrating the PIN to a command-and-control server. The campaign employs social engineering tactics and requires minimal permissions, relying on users to enable app installations from unknown sources. The attackers use a centralized infrastructure for malware distribution and PIN collection, with evidence of compromised devices in Brazil. The shift to modifying a legitimate application is motivated by financial incentives, as it offers similar functionality at a lower cost compared to underground tools. Users are advised to avoid installing apps from unofficial sources and to ensure the legitimacy of applications before entering sensitive information.