stolen data

Winsage
April 15, 2026
A fake Windows update site that mimics Microsoft's branding is being used to distribute malware to users looking for early access to Windows 11 version 24H2. The fraudulent page imitates a legitimate cumulative update download page, reusing familiar design elements so that visitors do not question it. The payload is an information stealer that harvests saved browser passwords and active browser sessions; stolen session cookies can be replayed to take over an already authenticated account, which sidesteps two-factor authentication. The stolen credentials are exfiltrated to external servers over encrypted channels. The installer is built with legitimate packaging tools and hides obfuscated scripts inside otherwise legitimate software components to reduce detection. For persistence it modifies system startup entries and creates disguised shortcuts. Researchers also noted a typosquatted domain and meticulously spoofed file properties. As of April 2026, Microsoft has not released Windows 11 version 24H2 to the public, and legitimate updates are only available through Windows Update. Users are advised to obtain updates exclusively through official channels and to keep security features up to date.
Tech Optimizer
April 14, 2026
Malwarebytes has identified a campaign built around a typosquatted domain that mimics official Microsoft support pages. The site uses authentic-looking branding and KB-style reference numbers to persuade users to download what appears to be a legitimate cumulative update. Once installed, the malware quietly steals passwords and active session data from browsers, which lets attackers reuse logged-in sessions and bypass two-factor authentication. The stolen data is sent to external servers over encrypted channels. Initial scans returned zero detections across multiple antivirus engines, which the researchers attribute to the malware's obfuscated scripts. It also modifies system startup entries and creates disguised shortcuts for persistence. Microsoft has not yet released Windows 11 version 24H2 to general users, and updates should only be obtained through official channels.
AppWizard
April 14, 2026
ShinyHunters released data obtained from a breach of Rockstar Games one day before its ransom deadline of April 14. Rockstar Games confirmed that "a limited amount of non-material company information was accessed," and initial reviews indicate that most of the data concerns sales and financial performance rather than anything significant about Grand Theft Auto 6. The online game Red Dead Online (RDO) generated average weekly revenues exceeding 0,000 between June 2024 and April 2026, an annualized estimate of approximately .4 million. The hackers initially demanded a ransom of 0,000, but the released information has led to skepticism about its actual value. Rockstar Games has not commented on the data release.
AppWizard
April 11, 2026
Rockstar Games has confirmed a security incident in which the extortion group ShinyHunters is demanding a ransom for data it claims to hold. A Rockstar spokesperson said that a limited amount of non-material company information was accessed through a third-party data breach, and that the incident has no impact on the organization or its players. It follows a similar breach in 2022, when a 17-year-old hacker infiltrated Rockstar's systems. ShinyHunters has previously targeted high-profile companies including Microsoft and AT&T. The incident is a reminder that many breaches result from simple human error rather than sophisticated hacking techniques.
Tech Optimizer
March 27, 2026
A deceptive website impersonating Avast antivirus tricks users into downloading Venom Stealer, malware that steals passwords, session cookies, and cryptocurrency wallet data. The site runs a fake virus scan that falsely reports threats and urges the visitor to download a file named Avastsystemcleaner.exe. The file mimics legitimate software and operates quietly, targeting web browsers to harvest credentials and session cookies. It also captures screenshots and sends the stolen data to the command-and-control domain app-metrics-cdn[.]com over unencrypted HTTP, so the exfiltration traffic is fully visible to any proxy or network sensor in the path. The malware uses evasion techniques to avoid detection and continues a long-standing cybercrime tactic of exploiting user trust in security software. Indicators of compromise include the SHA-256 file hash ecbeaa13921dbad8028d29534c3878503f45a82a09cf27857fa4335bd1c9286d, the domain app-metrics-cdn[.]com, and the network indicator 104.21.14.89.
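The indicators above are only useful once they are turned into checks. The following is an added example, not code from Malwarebytes or from the original page, that takes the published IOCs as-is (defanged domain, SHA-256, IP), refangs them for matching, verifies a file hash against the sample hash, and scans proxy log lines for the C2 domain or IP. The log format and the sample log lines are constructed for the example; the only real values are the three indicators copied from the summary.

```python
"""IOC triage for the Venom Stealer indicators listed above.
Added example; the log format below is an assumption, not a real product format."""
import hashlib
import hmac
from urllib.parse import urlsplit

# Indicators copied from the summary above. The domain is kept defanged,
# exactly as published, and refanged only when it is compared.
VENOM_SHA256 = "ecbeaa13921dbad8028d29534c3878503f45a82a09cf27857fa4335bd1c9286d"
VENOM_C2_DOMAIN = "app-metrics-cdn[.]com"
VENOM_C2_IP = "104.21.14.89"

# Constructed proxy log: "<timestamp> <client> <method> <url> <dst_ip> <status>".
SAMPLE_LOG = [
    "2026-03-26T10:15:02Z 10.0.0.23 GET http://www.avast.com/download 203.0.113.10 200",
    "2026-03-26T10:16:41Z 10.0.0.23 POST http://app-metrics-cdn.com/api/collect 104.21.14.89 200",
    "2026-03-26T10:17:05Z 10.0.0.31 GET https://notapp-metrics-cdn.com/ 198.51.100.7 200",
    "2026-03-26T10:18:22Z 10.0.0.23 POST http://cdn.app-metrics-cdn.com/upload 104.21.14.89 200",
    "2026-03-26T10:19:00Z 10.0.0.44 GET http://203.0.113.5/ 104.21.14.89 404",
]


def refang(ioc: str) -> str:
    """Reverse the usual defanging ([.] and hxxp) so the indicator can be matched."""
    return ioc.replace("[.]", ".").replace("hxxp://", "http://")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_known_sample(data: bytes, expected_hex: str = VENOM_SHA256) -> bool:
    """True if the bytes hash to the published sample hash."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def host_matches(host: str, domain: str) -> bool:
    """Exact or subdomain match only: 'cdn.app-metrics-cdn.com' hits,
    'notapp-metrics-cdn.com' does not (a plain substring test would flag it)."""
    host = host.lower().rstrip(".")
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def find_c2_hits(log_lines, domain: str = VENOM_C2_DOMAIN, ip: str = VENOM_C2_IP):
    """Scan log lines in the SAMPLE_LOG format for the C2 domain or IP.
    Returns (line_number, reason, line) tuples; the domain check wins
    over the IP check because a name match is the stronger indicator."""
    domain = refang(domain)
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash the scan
        _ts, _client, _method, url, dst_ip = parts[:5]
        host = urlsplit(url).hostname or ""
        if host_matches(host, domain):
            hits.append((lineno, "c2-domain", line))
        elif dst_ip == ip:
            hits.append((lineno, "c2-ip", line))
    return hits


if __name__ == "__main__":
    for lineno, reason, line in find_c2_hits(SAMPLE_LOG):
        print(f"line {lineno}: {reason}: {line}")
```

Because the stealer talks to its C2 over plain HTTP, the full URL path is visible in proxy logs, which is why the example matches on the URL host rather than only on the destination IP; the IP check is kept as a fallback for lines where the host is an address or the name did not resolve through the proxy.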
Tech Optimizer
March 26, 2026
The Norton 360 Premium 2026 one-year pre-paid subscription is available for a reduced price of .99 on Amazon, down from .99. It provides security for up to 10 devices and includes features such as AI-powered scam protection, a VPN for secure internet connections, Dark Web Monitoring for personal information, real-time threat detection, and cloud backup support for up to 75GB. The subscription offers automatic renewal with the option to cancel anytime before renewal.
Winsage
February 11, 2026
The Global Group ransomware operates in what researchers describe as a "mute mode": it performs every step locally on the compromised system and never contacts a command-and-control server. The encryption key is generated directly on the host, and, despite the claims in its ransom note, no data is exfiltrated. Dropping the C2 stage simplifies the attack, removes the network traffic that defenders would otherwise detect, and lets the operators hit more victims faster, relying on the threat of a leak in the note rather than on actual exfiltration to pressure payment.