takedown

Winsage
November 25, 2025
A new wave of ClickFix attacks has emerged, using fake Windows Update screens and PNG image steganography to deploy infostealing malware such as LummaC2 and Rhadamanthys. The attacks trick users into pressing Win+R and pasting a command that the lure page has already copied to their clipboard. Attackers have shifted from “Human Verification” lures to more convincing full-screen fake Windows Update screens. The fake update prompts users to run a command that launches mshta.exe with a URL containing a hex-encoded IP address, leading to the download of obfuscated PowerShell and .NET loaders. A notable feature of the campaign is a .NET steganographic loader that hides shellcode within the pixel data of a PNG image, which is decrypted and reconstructed in memory. The shellcode is Donut-packed and injected into processes such as explorer.exe using standard Windows APIs. Huntress has been monitoring these ClickFix clusters since early October, noting the use of the IP address 141.98.80[.]175 and various paths for the initial mshta.exe stage, with subsequent PowerShell stages hosted on domains linked to the same infrastructure. Despite the disruption of Rhadamanthys’ infrastructure in mid-November, active domains continue to serve the ClickFix lure, although the Rhadamanthys payload appears to be unavailable. To mitigate the attack, disabling the Windows Run box through Group Policy or registry settings is recommended, along with monitoring for suspicious activity involving explorer.exe. User education is critical, emphasizing that legitimate processes will never require pasting commands into the Run prompt. Analysts can check the RunMRU registry key to investigate potential ClickFix abuse.
AppWizard
November 9, 2025
The indie developer of the cooperative survival horror shooter Misery announced on its Steam community hub that the game was delisted due to a DMCA strike from GSC Game World, which claimed Misery used their content without authorization. The developer, Maewing, shared an email from Valve stating the allegations and emphasized that Misery does not pose a threat to GSC's intellectual property, asserting that all content is original or legally licensed. The post also mentioned that Misery does not include any characters, plotlines, assets, or music from GSC's games. Following the DMCA claim, there was speculation about potential motivations related to the developers' alleged support for the Russian invasion of Ukraine, although this remains unverified. The Misery Discord has since implemented new moderation rules to prevent inflammatory discussions.
AppWizard
September 17, 2025
Security researchers from HUMAN’s Satori Threat Intelligence and Research Team, in collaboration with Google, dismantled an ad fraud scheme called SlopAds, which involved over 224 AI-themed applications designed to generate fraudulent ad views and clicks. The scheme had over 38 million downloads across 228 countries and was responsible for 2.3 billion ad bid requests daily, with most traffic originating from the United States (30%), India (10%), and Brazil (7%). The apps used hidden browsers to load attacker-controlled websites, simulating ad clicks and impressions. Google removed the identified apps from the Play Store and advised users to uninstall them. Experts warn that the perpetrators may adapt their tactics to continue exploiting the digital advertising ecosystem.
AppWizard
September 14, 2025
In July 2025, Super Mario Bros. Remastered, a fan-driven remake of the NES classic, was announced for PC download. The game features improved physics, audio, and graphics, with support for full widescreen monitors. Players can customize the game using resource packs and utilize a Level Editor to design their own levels, although sharing creations is not currently supported. The game includes The Lost Levels, Super Mario Bros. Special, and a revamped All Night Nippon: Super Mario Bros. Players may face issues downloading LSS levels, which the development team plans to address. The remake does not use any original game assets, requiring players to provide their own ROM of the NES game. Super Mario Bros. Remastered can be downloaded from its Discord server, where new users can find the link in the “announcements” section.
Tech Optimizer
September 5, 2025
A new cyber threat actor, TAG-150, has emerged since March 2025, utilizing a sophisticated multi-tiered infrastructure and custom malware, including CastleLoader, CastleBot, and CastleRAT. TAG-150's infrastructure consists of four tiers, including command-and-control servers and intermediary layers to obscure operations. The CastleRAT trojan, available in Python and C variants, features advanced capabilities such as stealth evasion, system information collection, and remote surveillance functions. TAG-150 employs phishing techniques and fraudulent domains to compromise victims, achieving a 28.7% infection rate among those who interact with their schemes. The group utilizes privacy-focused services and frequently relocates its infrastructure to evade detection. Experts recommend proactive measures to counteract TAG-150's activities, including blocking identified infrastructure and monitoring for data exfiltration. Indicators of compromise include specific IP addresses associated with CastleLoader.
AppWizard
August 2, 2025
Mastercard clarified that it allows all lawful purchases and does not evaluate games or impose restrictions on game creator platforms. Valve confirmed the removal of certain NSFW titles from Steam, which followed similar actions by Itch.io, reportedly due to pressure from credit card companies. Itch.io noted that its payment processors include PayPal and Stripe, with Stripe suspending payment options for 18+ content, leading to restrictions on certain games. Valve stated that it attempted to communicate with Mastercard directly but did not receive a response, as communication occurred through payment processors and banks. Mastercard's Rule 5.12.7 prohibits transactions that could be deemed illegal or damaging to brand reputation, including products considered "patently offensive." Public pressure campaigns have influenced these developments in the gaming community.
AppWizard
June 25, 2025
Shuffle Tactics is a deckbuilding roguelike game that revitalizes established mechanics within the genre. Players navigate grid-based maps filled with enemies and objectives, using action points to deploy cards for attacking and defending. The game features three distinct characters with unique specialties: the Doberknight, an archer with ricocheting arrows, and a turret specialist, along with a magic user. Players can customize their combat decks by adding or removing cards after encounters and can acquire relics for passive effects and items to enhance specific cards. The game allows players to recruit sidekicks with their own decks. Each playthrough offers a unique experience, although some mechanics lack adequate explanation. The narrative involves a king who has gone mad, but it serves more as a minor distraction than a central focus.