technique Archives

Winsage

March 6, 2026

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft revealed a social engineering campaign named ClickFix that exploits the Windows Terminal application to deploy Lumma Stealer malware. Detected in February 2026, this campaign instructs users to access Windows Terminal using the Windows + X → I shortcut, enhancing its perceived legitimacy. Attackers evade detection by manipulating users into executing harmful commands through deceptive prompts. The attack chain involves pasting a hex-encoded command into Windows Terminal, which opens additional Terminal and PowerShell instances, leading to a PowerShell process that decodes a script. This process downloads a ZIP payload containing a renamed 7-Zip binary, which extracts files and initiates a multi-stage attack, including retrieving payloads, establishing persistence, configuring Microsoft Defender exclusions, exfiltrating data, and deploying Lumma Stealer by injecting it into "chrome.exe" and "msedge.exe." Lumma Stealer targets browser artifacts to harvest credentials. A secondary attack pathway involves downloading a batch script that writes a Visual Basic Script to the Temp folder and connects to Crypto Blockchain RPC endpoints, also using QueueUserAPC() for code injection into browsers to extract data.

AppWizard

February 25, 2026

This Guy Built One Piece’s Marineford In Minecraft…In Hardcore

A YouTuber named stan616 spent nearly 80 days recreating Marineford from One Piece in Minecraft's Hardcore mode, using over 1,187,773 blocks. Unlike Creative mode, Hardcore mode requires players to mine, harvest, and craft every block, facing threats from aggressive mobs that can lead to complete loss of progress upon death. To aid his project, stan616 used schematics to design blueprints in Creative mode, which were then exported into Hardcore mode. He documented his journey in a 90-minute video, highlighting the risks and challenges he encountered. The completed build is available for purchase on his Patreon for .00.

Tech Optimizer

February 24, 2026

Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign

A cyber operation is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that leads to the installation of ValleyRAT, a remote access trojan. The malware employs various techniques to evade detection, including using an intermediary domain for downloads, creating Windows Defender exclusions, and establishing a scheduled task for persistence. The backdoor facilitates activities such as keylogging and credential access while disguising its operations within legitimate processes like rundll32.exe. Attribution points to the Silver Fox APT group, and there has been a significant increase in ValleyRAT samples documented in recent months. Security measures include ensuring software downloads are from the official site and monitoring for specific malicious activities.

AppWizard

February 23, 2026

Pirates VR: Jolly Roger Graphics Comparison – PC VR vs Quest

Pirates VR has been released on standalone VR platforms a year after its initial PC VR launch. The game has received significant updates since its original review in 2025, including improvements to combat mechanics, motion controls for swimming, and enhanced enemy AI. Players can now toggle dialogue from a parrot companion, and new narrative elements have been added. The Quest version uses optimization techniques like Application Spacewarp and fixed foveated rendering, which affect performance and visual quality. The introductory scene showcases advancements in graphics, with dynamic lighting and improved environmental details. While some graphical quality has been reduced, the overall experience remains immersive, with better water rendering compared to other Quest titles. The game is priced at .99 on Steam and PlayStation VR2, and .99 on Meta Quest 3/3S.

AppWizard

February 22, 2026

Crafting Explosions: Custom TNT In Minecraft Bedrock

TNT in Minecraft Bedrock is crafted using five units of sand and four units of gunpowder, arranged in a cross shape in the crafting grid. It can be activated through various methods, resulting in significant explosions. Custom TNT allows players to create unique explosions using command blocks, redstone mechanics, and innovative designs like TNT cannons and traps. Advanced techniques include mastering redstone circuits, TNT duplication, and utilizing data packs for further customization. Safety measures are essential when testing custom TNT, including using a controlled environment, protective gear, and regular backups of the game world. Common issues include TNT not exploding, unexpected explosion effects, and lag, which can be resolved by checking redstone circuits, adjusting parameters, and limiting the number of TNT blocks used.

AppWizard

February 22, 2026

Minecraft Players Just Discovered a Hidden Trick That Changes Survival Mode!

Minecraft has revealed a new survival-mode strategy that enhances resource gathering, mob management, and the early-game experience. This strategy involves a combination of existing game mechanics, allowing players to improve efficiency in resource farming while reducing damage taken. It conserves tools and enables faster acquisition of essential materials without cheats or mods. The trick has gained popularity within the community, leading to tutorials and discussions about its potential impact on gameplay, including faster early-game progression, reduced risk during mob encounters, improved tool durability, and adjustments in multiplayer server strategies. It is not considered a glitch, works on all platforms, and there are no indications that it will be removed in future updates.

Winsage

February 20, 2026

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are using social media advertising, specifically paid Facebook ads, to promote a malware campaign disguised as legitimate Microsoft promotions. They create near-exact replicas of the official Windows 11 download page to lure users into downloading malicious software. The deceptive domains used include ms-25h2-download[.]pro and ms-25h2-update[.]pro. The malware campaign employs geofencing to selectively target victims, redirecting security researchers to benign sites while delivering malware to unsuspecting users. The malicious file, named ms-update32.exe, is hosted on GitHub and mimics the size of a legitimate Windows installer. Once executed, it checks for monitoring tools and, if none are detected, installs an application named "Lunar" that collects sensitive data, including cryptocurrency wallet information. The malware maintains persistence by writing data to the Windows registry and employs various obfuscation techniques to evade detection. The attackers run parallel ad campaigns with different Facebook Pixel IDs to ensure continued operation even if one is suspended. Indicators of compromise include specific file hashes, domains, file system artifacts, and registry keys associated with the malware.

AppWizard

February 19, 2026

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Cybersecurity researchers have identified a new Android trojan named Massiv, designed for device takeover attacks targeting financial theft. It disguises itself as IPTV applications and poses risks to mobile banking users by allowing operators to remotely control infected devices for fraudulent transactions. The malware was first detected in campaigns targeting users in Portugal and Greece, with features including screen streaming, keylogging, SMS interception, and fake overlays for credential theft. One campaign specifically targeted the gov.pt application to deceive users into providing sensitive information. Massiv can execute various malicious actions, such as altering device settings, sending device information, and downloading malicious files. It is distributed through dropper applications that mimic IPTV services, often via SMS phishing. The malware operates in the background while the dropper appears as a legitimate app. Recent campaigns have focused on regions like Spain, Portugal, France, and Turkey, indicating a growing threat landscape. The operators of Massiv are developing it further, suggesting intentions to offer it as a Malware-as-a-Service.

AppWizard

February 19, 2026

Massiv: When your IPTV app terminates your savings

Massiv is an Android banking Trojan that disguises itself as legitimate applications, primarily targeting users in southern Europe. It is distributed through side-loading and is capable of remote control over infected devices, enabling Device Takeover attacks that can lead to unauthorized banking transactions. Massiv often masquerades as IPTV applications to attract users seeking online television services. The malware employs overlay functionality to create deceptive screens, keylogging to capture sensitive information, and SMS/Push message interception. It can monitor applications on infected devices and present fake overlays to prompt users for sensitive data. Notably, it has targeted the Portuguese government application gov.pt and connects with Chave Móvel Digital, a digital authentication system, to access victims' banking accounts. Once it captures sensitive data, Massiv allows operators remote access to the device using Android’s AccessibilityService, facilitating real-time observation and manipulation of the user interface. It communicates over a WebSocket channel and supports screen streaming and UI-tree modes for enhanced control. Massiv's distribution includes malware droppers that initially do not contain malicious code but open a WebView to an IPTV website while the actual malware operates in the background. This tactic has increased in recent months, particularly in Spain, Portugal, France, and Turkey. Indicators of compromise include specific SHA-256 hashes and package names associated with the malware. The bot commands allow operators to perform various actions on the infected device, such as clicking coordinates, installing APKs, and showing overlays.

Tech Optimizer

February 19, 2026

How OpenAI Scaled to 800 Million Users on PostgreSQL

OpenAI has scaled PostgreSQL to support over 800 million active users of ChatGPT, making it one of the largest PostgreSQL deployments globally. The database can handle millions of concurrent connections and a very high volume of requests per second. OpenAI employs several strategies to optimize performance: 1. **Connection Pooling with PgBouncer**: Reduced database connections from 10,000 to 200, enhancing efficiency by a factor of 50. 2. **Read Replicas**: Distributes read requests across multiple replicas while the primary database handles writes. 3. **Horizontal Sharding**: Partitions data across multiple instances based on a shard key, such as user_id or tenant_id. 4. **Query Optimization**: Analyzes slow queries and creates appropriate indexes to maintain performance. 5. **Connection Management**: Implements timeouts and connection limits to prevent overload. 6. **Caching**: Uses application-level caching with Redis to reduce database load. 7. **Monitoring and Observability**: Tracks key metrics like connection counts and query latency to identify issues early. These strategies enable OpenAI to maintain performance and reliability for a large user base.