techniques

Winsage
June 17, 2026
Veteran Microsoft engineer Raymond Chen shared a story about the development of an x86-32 emulator that utilized binary translation, significantly improving performance compared to traditional emulation methods. During the project, the team faced an issue where a function allocated 64 KB of memory but was optimized by a compiler into 65,536 instructions, leading to 256 kilobytes of code being used to initialize the data. In response to this inefficiency, the engineers modified the translator to replace the inefficient function with a more compact loop, highlighting their commitment to memory efficiency during a time when operating systems prioritized resource conservation.
Winsage
June 17, 2026
The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.
Winsage
June 14, 2026
Windows enthusiasts aim to enhance system performance while managing heat and power consumption, especially in mobile PCs. Under-volting techniques are commonly used to optimize performance and reduce power consumption, with tools like AMD's Ryzen Master and Intel's XTU available for this purpose. Users can also adjust settings in the BIOS, such as Curve Optimizer for Ryzen processors. Processor Power Management operates through the Advanced Configuration and Power Interface (ACPI), which includes P-states for voltage-frequency scaling and C-states for CPU sleep states. Windows provides two default P-States: "Minimum Processor State" and "Maximum Processor State." A Registry modification can unlock additional options under a "Processor performance boost mode" dropdown, allowing for five distinct profiles:
1. Disabled: Disables processor boosting, reducing power consumption and heat but limiting performance.
2. Enabled: Allows boost functionality under normal conditions, balancing performance with power and thermal constraints.
3. Aggressive: Prioritizes performance, allowing higher boost states but increasing power draw and thermal output.
4. Efficient Enabled: Focuses on energy efficiency while allowing boosting.
5. Efficient Aggressive: Balances performance responsiveness with efficiency.
To enable the Processor performance boost mode, users must access the Registry Editor, navigate to a specific path, and modify the value of Attributes from 1 to 2. This will reveal the new "Processor performance boost mode" dropdown with the five P-State options. The settings are summarized as follows:
- Disabled: P-state behavior is disabled.
- Enabled: P-state behavior is enabled with Efficient Enabled CPPC.
- Aggressive: P-state behavior is enabled with Aggressive CPPC.
- Efficient Enabled: Efficient P-state behavior with Efficient Enabled CPPC.
- Efficient Aggressive: Efficient P-state behavior with Aggressive CPPC.
- Aggressive At Guaranteed: Requests performance above the guaranteed level.
- Efficient Aggressive At Guaranteed: Consistently requests the highest performance above the guaranteed level.
Users should be cautious when modifying these settings, as issues may arise that require reverting to original settings.
AppWizard
June 14, 2026
Players in Meccha Chameleon control a featureless, white, blobby biped and use a color wheel to paint their bodies in real-time to blend into their surroundings. The game sold one million copies within four days of its release. The developer, lemorion_1224, announced this milestone on the Steam community blog and expressed gratitude to players. The game has gained popularity among streamers and YouTubers, and it supports public matches and streaming. Meccha Chameleon is a lobby-based PvP party game where players are divided into seekers and hiders, with seekers trying to locate all hiders before time runs out. The game features creative disguising techniques, such as blending into shadows or textures. It is priced at just under .
AppWizard
June 13, 2026
Destiny 2's latest update, Monuments of Triumph, concludes the decade-long Light and Darkness saga with The Final Shape and introduces a new narrative arc called the Fate saga, starting with The Edge of Fate. This update features hidden cutscenes that provide insights into the characters' journeys and the future of the game. One cutscene highlights Zavala reflecting on his journey and entrusting the future to Ikora, while the second cutscene presents Lodi in the Dark Forest, hinting at a confrontation between Dark and Light and introducing the Winnower, an extradimensional god. The update showcases improved cinematic quality and leaves players with a mix of intrigue and sadness, suggesting potential for future storytelling in the Destiny universe.
BetaBeacon
June 12, 2026
Arm has announced that advanced rendering features like ray tracing, Unreal MegaLights, and neural supersampling will soon be available on new Android mobile devices. A tech demo called Neural Dawn by Sumo Digital showcases ray tracing at playable framerates with AI-based upscaling, exclusive to devices equipped with an upcoming successor to Arm's Mali G1 GPU. This will be the first mobile game to support Unreal Engine 5's MegaLights, previously exclusive to high-end console and PC games. The next generation of Mali G1 will introduce support for neural upscaling features similar to Nvidia's DLSS technology.
Tech Optimizer
June 11, 2026
Antivirus software can become overwhelming for organizations due to alert fatigue shortly after deployment. Analysts often struggle to prioritize notifications, leading to the mismanagement of legitimate tools and unclear incident timelines. A review of nine antivirus solutions based on G2's Winter 2026 Grid® Report identified the following top performers:
1. ESET PROTECT: Best for machine learning-driven endpoint protection; offers enterprise-grade security with a free trial available.
2. Sophos Endpoint: Best for ransomware prevention; provides centralized policy control with a free trial available.
3. ThreatDown: Cost-effective EDR with MDR flexibility; combines antivirus and endpoint detection with a free trial available.
4. CrowdStrike Falcon: Best for large-scale enterprise threat prevention; cloud-native platform with subscription-based pricing and a free trial available.
5. Check Point Harmony Endpoint: Best for unified endpoint and zero-trust protection; integrates malware prevention and phishing defense with a free trial available.
6. Microsoft Defender for Endpoint: Best for Microsoft-native environments; deeply integrated with Microsoft 365, licensed through enterprise agreements.
7. Kaspersky AntiVirus: Best for traditional malware protection; provides real-time protection against various threats.
8. SentinelOne: Best for autonomous AI-driven endpoint response; features automated remediation and ransomware rollback with a free trial available.
9. FortiClient: Best for Fortinet-centric environments; offers VPN access and security policy enforcement with a free basic client available.
The analysis highlighted that effective antivirus solutions prioritize behavioral analysis over traditional signature-based detection, minimize false positives, and maintain low system impact during operation. Key factors for evaluating antivirus software include threat detection accuracy, centralized visibility, response capabilities, and deployment stability.