SSH Archives

Tech Optimizer

June 9, 2026

Fake ChatGPT download site infects Windows and Mac users with malware

A counterfeit website, openew[.]app, is impersonating OpenAI's official ChatGPT download page and distributing malware. Windows users who download from this site receive a credential-stealing malware loader, while macOS users are infected with Odyssey Stealer, a variant associated with cryptocurrency theft. The fake site mimics the legitimate ChatGPT interface and uses HTTPS to appear trustworthy. The Windows malware, Chat_GPT.exe, creates a back channel to an attacker-controlled server, while the macOS malware captures sensitive data and attempts to replace legitimate cryptocurrency wallet applications with compromised versions. Users who download from official sources remain safe, but those who click on ads or unfamiliar links risk compromising their online accounts and sensitive information. Malwarebytes offers protection against this malware. Indicators of compromise include specific file hashes and network indicators associated with the malicious site.

Tech Optimizer

June 7, 2026

Implementing real-time change data capture with Debezium for Amazon Aurora PostgreSQL and Amazon RDS for PostgreSQL

Amazon Aurora PostgreSQL-Compatible Edition and Amazon RDS for PostgreSQL now support native streaming replication, allowing data changes to flow from source databases. Organizations often struggle to capture and propagate these changes in real time without affecting database performance. Traditional ETL pipelines can introduce significant delays, leading to outdated data and missed opportunities. Debezium is an open-source platform for change data capture (CDC) that monitors databases and streams changes to applications or data pipelines, enabling real-time data synchronization. The CDC solution combines PostgreSQL's logical replication with Debezium's change capture framework, focusing on Amazon Aurora for PostgreSQL. To implement this solution, logical replication must be enabled on Amazon Aurora through DB cluster parameter groups. Debezium connectors monitor the database's Write-Ahead Logging (WAL) via logical replication slots, converting transaction logs into structured event streams. Key components of the solution include: - Amazon Aurora for PostgreSQL as the source database with logical replication enabled. - A Debezium PostgreSQL connector running on MSK Connect for change capture. - Amazon MSK for message streaming. - An Amazon EC2 instance for testing and consuming change events. Steps to implement the solution include: 1. Creating an Amazon Aurora for PostgreSQL DB cluster and enabling logical replication. 2. Creating an Amazon MSK serverless cluster. 3. Setting up an Amazon EC2 instance to install Kafka and connect to the database. 4. Creating a custom plugin for Amazon MSK to replicate changes from RDS for PostgreSQL. 5. Uploading the custom plugin to an Amazon S3 bucket. 6. Storing credentials in AWS Secrets Manager and creating an IAM role for MSK Connect. 7. Testing the solution by verifying data replication and monitoring real-time changes. Monitoring can be done through CloudWatch Logs and the MSK Connect console, addressing common issues like replication slot lag and connector failures. To avoid charges, resources created during the implementation should be deleted in the correct order.

Tech Optimizer

June 6, 2026

Implementing real-time change data capture with Debezium for Amazon Aurora PostgreSQL and Amazon RDS for PostgreSQL

Amazon Aurora PostgreSQL-Compatible Edition and Amazon RDS for PostgreSQL support native streaming replication, allowing data changes to flow from source databases. Organizations often struggle with real-time data capture and dissemination, leading to outdated information due to traditional batch ETL pipelines. Debezium is an open-source platform for change data capture (CDC) that streams database changes to applications or data pipelines in real time. The CDC solution utilizes PostgreSQL's logical replication capabilities and Debezium's framework. Key components include Amazon Aurora for PostgreSQL as the source database, a Debezium PostgreSQL connector on MSK Connect, Amazon MSK for message streaming, and an Amazon EC2 instance for testing. To implement the solution, users must enable logical replication on Amazon Aurora, create an Amazon MSK cluster, set up an EC2 instance with Kafka, and create a custom plugin for MSK Connect. The process involves configuring IAM roles and policies, connecting to the database, and creating an Amazon MSK connector to stream changes. Testing the solution includes verifying real-time changes by inserting, updating, and deleting records in PostgreSQL, with events appearing in Kafka. Monitoring tools are available through CloudWatch for troubleshooting issues like replication slot lag and connector failures. To clean up resources after testing, users should delete the MSK Connect connector, custom plugin, Amazon MSK cluster, Aurora PostgreSQL database instance, EC2 instance, IAM role and policy, Secrets Manager secrets, CloudWatch Logs log group, and S3 bucket.

AppWizard

May 12, 2026

TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps

TrickMo, an Android banking malware, has re-emerged with enhanced stealth and operational capabilities, targeting banking, fintech, wallet, and authenticator apps. It retains its core device takeover abilities while improving stealth, persistence, and flexibility. The malware persuades users to grant accessibility permissions, allowing full remote control, including real-time screen viewing. A significant advancement is its shift to The Open Network (TON) for command-and-control communication, complicating takedown efforts. TrickMo has been actively deployed in France, Italy, and Austria since early 2026, using fake login overlays to capture credentials while recording user activity. It communicates through .adnl endpoints within the TON network and employs DNS-over-HTTPS for encrypted DNS queries. The malware's modular design includes a primary application as a loader and a dynamically loaded APK module called “dex.module” for malicious capabilities. It features network reconnaissance and tunneling capabilities, allowing commands like HTTP probing and establishing SSH tunnels, which can bypass fraud detection systems. Dormant features suggest potential for future capabilities without altering the core application. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo's various components.

AppWizard

May 11, 2026

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

Modern Android banking malware is evolving with architectural enhancements for increased stealth, resilience, and operational flexibility. In early 2026, a new variant of the TrickMo Android banking trojan was identified, actively targeting banking and wallet users in France, Italy, and Austria. This variant has replaced its predecessor in ongoing campaigns and has transitioned its command-and-control traffic to The Open Network (TON). Key features of the new TrickMo variant include: - The primary command-and-control channel now operates over TON, utilizing .adnl endpoints through an embedded local TON proxy. - It employs a runtime-loaded APK (dex.module) with enhanced functionalities, including reconnaissance, SSH tunneling, and SOCKS5 proxying, allowing infected devices to act as network pivots. - TrickMo is classified as Device Take Over (DTO) malware, targeting banking, fintech, wallet, and authenticator applications on Android devices. - Operators gain control over infected devices through accessibility-service permissions, enabling capabilities such as credential phishing, keylogging, screen recording, remote control, and SMS interception. The new variant features a modular architecture with a host APK functioning as a launcher and persistence layer, while offensive capabilities are delivered through the dynamically loaded dex.module. Significant enhancements include network reconnaissance commands (curl, dnslookup, ping, telnet, traceroute) and socket-level tunneling via an embedded SSH client. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo dropper applications and host applications. The malware retains unused permissions for NFC capabilities, suggesting a strategic approach to device filtering.

AppWizard

May 9, 2026

OpenAI Enables Smartphone Control For Codex Sessions

Version 1.2026.125 of the ChatGPT Android application introduces a feature that allows users to remotely connect to a desktop Codex session. Prompts will instruct users to ensure Codex is open on their desktop and signed into the same account. OpenAI's blog post from April 16, 2026, mentions updates to Codex, including background computer usage, an in-app browser, improved workflow support, and alpha SSH remote connections. The remote_connections feature is in its alpha stage and can be enabled by modifying the configuration file at ~/.codex/config.toml. This addition aims to streamline mobile-triggered development workflows and enhance user experience.

TrendTechie

April 30, 2026

Nano NAS из смартфона

Evenings spent with family watching series and movies can be challenging due to the logistics of accessing content, such as reliance on multiple laptops and cumbersome connections to the television. The author repurposed an old OnePlus 5T smartphone as a media server, utilizing its 64 GB of internal storage by managing content carefully. The setup involves installing Termux and creating a Linux-like environment using PRoot, allowing the phone to retain its dual SIM functionality while deploying media-sharing services. The software selected includes Alpine Linux, sshd, dms (a lightweight DLNA server), and transmission-daemon for torrent management. A step-by-step guide details the installation process, configuration, and tips for optimizing performance. The outcome is a cost-effective solution that transforms the smartphone into a compact DLNA server, accessible over the local network, enabling effortless downloading, sharing, and streaming of films.

Tech Optimizer

April 26, 2026

CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister

On April 21, 2026, compromised versions of pgserve (1.1.11, 1.1.12, and 1.1.13) were published on npm, containing a 1,143-line credential-harvesting script that executes during the postinstall phase of npm install. The malware functions as a supply-chain worm, reinjecting itself into other packages if it finds an npm publish token. Stolen credentials are encrypted using RSA-4096 and AES-256 and exfiltrated to a decentralized Internet Computer Protocol (ICP) canister. The last legitimate release was v1.1.10, published on April 17, 2026. The malware was detected by StepSecurity AI Package Analyst and Harden Runner, which flagged the compromised versions as Critical / Rejected and confirmed live exfiltration during analysis. The injected script performs operations such as harvesting environment variables, collecting filesystem secrets, encrypting payloads, and propagating to other npm packages and Python packages if a PyPI token is detected. The exfiltration domains have been added to a global block list.

BetaBeacon

April 21, 2026

How to Install Steam on Android with ROCKNIX

The text provides a list of Steam-compatible devices from different brands such as AYN, AYANEO, Retroid, and KONKR. It also gives detailed instructions on how to install ROCKNIX on these devices, back up existing ABL, flash ROCKNIX ABL, change boot mode, install Steam, enable Steam Input, change game configs, and adjust ROCKNIX Steam settings. Additionally, it compares the pros and cons of using ROCKNIX versus Android on compatible devices and recommends installing ROCKNIX on a microSD card rather than on the internal storage due to potential risks.

Winsage

March 31, 2026

Microsoft to upgrade Windows Subsystem for Linux (WSL) with faster file access, better networking and easier setup

Microsoft plans to enhance the Windows Subsystem for Linux (WSL) in 2026, focusing on several key improvements for developers. These enhancements include: - Faster file performance between Linux and Windows to address current latency issues. - Improved network compatibility and throughput for better communication between environments. - A streamlined setup and onboarding experience to simplify installation for newcomers. - Enhanced enterprise management and security features to improve control and safety in corporate settings.