static analysis Archives

AppWizard

August 5, 2025

New Android Malware Poses as SBI Card and Axis Bank Apps to Steal Financial Data

McAfee’s Mobile Research Team has identified a malware campaign targeting Android users in India, specifically Hindi speakers. The malware disguises itself as legitimate financial applications from banks like SBI Card, Axis Bank, and IndusInd Bank. It is distributed through phishing websites that mimic official banking portals and uses authentic assets to appear credible. The malware has dual functionality: it exfiltrates personal and financial data and mines Monero cryptocurrency using the XMRig tool, activated remotely via Firebase Cloud Messaging (FCM). It masquerades as a Google Play update, prompting users to install it, which leads to data theft. Upon installation, the malware presents a fake Google Play interface and requests sensitive information, which is sent to a command-and-control server. After data submission, users see a misleading confirmation page. The malware employs a multi-stage dropper to evade detection, with remote activation capabilities that keep it dormant until triggered. Phishing sites promote the malicious APK through SMS, WhatsApp, or social media. McAfee has reported these threats to Google, resulting in the blocking of the associated FCM account. All variants are classified as high-risk, with infections primarily in India but some in other regions. Users are advised to download apps only from Google Play and to be cautious with unsolicited links. Indicators of Compromise (IOCs) include specific APKs for various credit cards and phishing site URLs related to the campaign.

AppWizard

July 29, 2025

ANDROID MALWARE POSING AS INDIAN BANK APPS

The report discusses a sophisticated Android malware targeting users in India, which disguises itself as legitimate banking applications to steal credentials and conduct unauthorized financial activities. The malware employs advanced techniques such as silent installation, exploitation of Android permissions, and remote command execution to avoid detection. It utilizes Firebase for command-and-control operations and phishing pages that mimic real banking interfaces. The malware consists of a modular architecture with a dropper and a main payload. The dropper requests several Android permissions, including ACCESSNETWORKSTATE, REQUESTINSTALLPACKAGES, and QUERYALLPACKAGES, which facilitate reconnaissance and persistence. The dropper uses a silent installation mechanism to load additional payloads without user awareness. The main payload requests permissions that enable data theft and stealthy operation, such as READSMS, SENDSMS, and RECEIVEBOOTCOMPLETED. It hides itself from the user's app list and employs separate classes for specific malicious tasks, including harvesting user credentials and collecting debit card information. The phishing page mimics a legitimate banking app to capture user data effectively. The malware also monitors incoming SMS messages, extracts critical metadata, and can silently forward calls to an attacker-controlled number. A specific APK sample impersonating an Indian banking application was observed on April 3, 2025, highlighting ongoing trends in mobile-based credential theft and financial fraud. Recommendations include enforcing stricter mobile application security standards, launching public awareness campaigns, implementing threat intelligence-driven filtering, and deploying mobile endpoint detection solutions.

Winsage

July 25, 2025

This update could finally solve Windows 11’s sluggishness

Microsoft has introduced a new logging system in a test build of Windows 11 that automatically gathers performance logs when users experience sluggishness. This feature allows Windows Insiders to provide feedback on slow performance, with logs collected automatically to help identify issues. Users should select the Desktop > System Sluggishness category for feedback, and logs are stored locally in the %systemRoot%TempDiagOutputDirWhesvc folder before being sent to Microsoft upon feedback submission. This initiative is part of ongoing performance enhancements for Windows 11, which have included improvements to the Taskbar, notifications area, and quick settings panel, as well as reduced impact from startup applications. The upcoming 25H2 update will introduce new certification requirements for Windows drivers, including static analysis to identify potential issues before deployment.

AppWizard

July 25, 2025

Fake Indian Banking Apps on Android Steal Login Credentials from Users

A recently discovered malicious Android application poses significant risks by masquerading as legitimate banking apps in India. It facilitates credential theft, conducts surveillance, and executes unauthorized financial transactions. The malware operates on a modular architecture with a dropper and primary payload, employing deceptive user interfaces and silent installation techniques to evade detection. The dropper requests extensive permissions, including ACCESSNETWORKSTATE, REQUESTINSTALLPACKAGES, and QUERYALLPACKAGES, to monitor connectivity, install secondary APKs without user awareness, and profile installed apps. It loads a hidden payload and initiates installation using an INSTALL_NOW flag, bypassing app store scrutiny. The main payload requests additional permissions such as READSMS, SENDSMS, and RECEIVESMS for intercepting one-time passwords (OTPs) and two-factor authentication (2FA) codes. It also requests REQUESTIGNOREBATTERYOPTIMIZATIONS, READPHONESTATE, and READPHONENUMBERS for uninterrupted execution, device fingerprinting, and potential call forwarding abuse. Data exfiltration occurs through Firebase Realtime Database, storing user IDs and intercepted SMS metadata. The malware uses Firebase for command-and-control operations and generates phishing pages resembling authentic banking interfaces. Delivery methods include smishing, email phishing, WhatsApp bots, vishing calls, SEO-poisoned websites, malvertising, Trojanized utilities, QR/NFC attacks, preloaded malware on counterfeit devices, and exploitation of accessibility service vulnerabilities. Indicators of compromise include specific SHA256 hashes for the base payload and main payload.

Winsage

July 21, 2025

Microsoft Working to Fix Lag and Slowness in Windows 11

Since its debut in October 2021, Windows 11 has faced various performance-related issues, particularly lag during gaming on hybrid CPUs, leading many users to prefer Windows 10. Microsoft has released several updates to improve performance, but challenges remain. A new feature in a recent test build aims to collect performance logs from users to aid in diagnosing issues, with plans for it to be included in the upcoming 25H2 update. Throughout 2023, Microsoft has made improvements to the taskbar, notification center, quick settings, and reduced the impact of startup applications on boot time. The 24H2 update has also enhanced performance for older PCs. For the 25H2 update, Microsoft will implement stricter driver certification standards, including static analysis to identify code issues before deployment.

Winsage

July 21, 2025

Windows 11 update lets users submit real-time logs for sluggish performance: Report

Microsoft has introduced a new diagnostic data collection system in Windows 11 to address performance issues, allowing users to submit real-time performance logs through the Feedback Hub. This update is part of a broader strategy to improve the operating system's responsiveness and reliability, responding to user complaints about performance since the launch of Windows 11 in October 2021. Enhancements have been made throughout 2023, with the upcoming 24H2 release improving performance on older devices and the anticipated 25H2 update expected to continue this trend. Additionally, developers will now be required to conduct static analysis on drivers before certification to enhance system stability.

Winsage

July 21, 2025

Microsoft wants to fix “slow or sluggish” performance in Windows 11

The forthcoming 25H2 update for Windows 11 aims to address performance issues reported by users since the operating system's launch in October 2021, particularly concerning hybrid CPUs during gaming and overall sluggishness compared to Windows 10. Microsoft is actively seeking user feedback to identify and resolve these issues, utilizing a new test build that automatically collects performance logs from Windows Insiders. In 2023, Microsoft has implemented several performance enhancements, including increased speed for the Taskbar and notifications area, improved functionality of the quick settings panel, and reduced performance impact from startup applications. The previous 24H2 update also improved performance on older hardware. Additionally, Microsoft plans to enhance Windows drivers with new requirements for developers, including mandating static analysis for driver certification to identify potential issues before deployment.

AppWizard

July 15, 2025

This Android malware poses as real apps to take you to dangerous sites and flood your phone with spam

A new variant of the Konfety malware targets high-end Android devices using sophisticated evasion techniques, including distorted APK files to avoid detection. This version disguises itself as legitimate applications, imitating popular apps on the Google Play Store. It employs an 'evil twin' tactic, emphasizing the need to download software only from trusted publishers and avoiding third-party APKs. The malware can redirect users to harmful websites, install unwanted software, and generate misleading notifications. It displays ads through the CaramelAds SDK and can exfiltrate sensitive data such as installed applications and network configurations. Konfety can conceal its app icon and name, using geofencing to alter behavior based on location, and employs an encrypted DEX file to hide services. To evade analysis, it manipulates APK files to appear encrypted, causing misleading prompts during inspection, and compresses critical files with BZIP, leading to parsing failures. Users are advised to avoid sideloading apps, ensure Google Play Protect is enabled, and consider installing a reputable antivirus to enhance security.

AppWizard

July 4, 2025

How to crash Minecraft with your mod

Custom NPC+ is a mod for Minecraft 1.7.10 that enhances player interaction by adding non-player characters (NPCs) and includes features such as the creation of NPCs with customizable skins and items, a quest creation system, a dialog system, a faction system, and distinct roles for NPCs. The author conducted an error analysis using the PVS-Studio static code analyzer, discovering several issues: 1. Localization issues in GuiMailbox.java related to singular and plural forms for minutes. 2. Integer division in JobHealer.java that caused loss of precision in Y-coordinate calculations. 3. Flawed regular expression in TextContainer.java for replacing line-break characters, leading to handling issues across platforms. 4. A logical error in ScriptDBCPlayer.java where a variable was compared to itself, causing unexpected behavior. 5. A mix-up between "and" and "or" operators in Availability.java that rendered certain exception conditions unreachable. The analysis aimed to improve the quality of the Custom NPC+ mod and highlighted the importance of attention to detail in software development.