Telegram channel Archives

AppWizard

October 24, 2025

New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data

Threat researchers at Netskope have identified a new Remote Access Trojan (RAT) named “Nursultan Client,” disguised as a legitimate application for Minecraft enthusiasts. This malware, developed in Python, uses the Telegram Bot API for command-and-control operations, enabling data exfiltration and persistent access to compromised systems. It was first detected as a 68.5 MB executable compiled with PyInstaller, which is often used for legitimate software but can also bundle malicious scripts. Upon execution, the RAT misleads users with a fake installation progress bar. Its core functionalities operate across Windows, Linux, and macOS platforms, targeting the gaming community through social engineering tactics. The malware contains hardcoded Telegram credentials, allowing attackers to issue commands to infected machines while obscuring their communications. The RAT can execute various commands, including stealing Discord authentication tokens and conducting system reconnaissance. It also offers surveillance capabilities, such as capturing screenshots and webcam images, and has adware functionalities that can open URLs or display pop-up messages. The operation appears to be aimed at lower-tier threat actors, lacking advanced anti-analysis techniques and sophisticated tradecraft. Organizations are advised to monitor encrypted traffic and educate users on software authenticity to mitigate risks.

AppWizard

October 11, 2025

Google blocks Android hack that let Pixel users enable VoLTE anywhere

In October 2025, Google updated its software, rendering the Pixel IMS app inoperative for users of imported Pixel phones in unsupported regions. This app had previously allowed users to enable VoLTE and VoWiFi by bypassing carrier restrictions. The update closed a loophole in Android's telephony framework, classified as a high-severity issue (CVE-2025-48617), leading to crashes when users attempted to toggle these features. While a new workaround exists for enabling VoLTE, it does not support VoWiFi and requires navigating instructions in Chinese. Users needing VoWiFi must either root their devices or wait for Google's official expansion of carrier support.

AppWizard

October 3, 2025

The Must-Have Android Apps for October 2025 (Don’t Miss These!)

The Android ecosystem in October 2025 features a variety of applications designed to enhance convenience, productivity, and creativity. Notable apps include: - Co-Reply: An AI messaging app with context-aware reply suggestions. - Panda: A hands-free navigation tool for multitasking. - Audio Output Switcher: A quick settings tile for switching audio sources. - TMPAD: An app that optimizes older devices for gaming. - Hackne: A ride-hailing price comparison tool for Uber and Lyft. - LTE Cleaner Foss: An open-source app for clearing cache and junk files. - Nora: A social media aggregator for consolidating platforms. - Floating Notes: Customizable sticky notes for reminders. - Shap Key: A battery optimization tool for managing background processes. - Weather Master: A visually appealing weather app with detailed forecasts. - Pixel Play: An offline music player with advanced playback options. - Virtual Shuffle: A tool for randomizing Spotify playlists. - Androidify Update: An AI-enhanced app for creating personalized avatars. - Taii: An AI text editor for refining grammar and generating content. A controversy in the app review community involves accusations of plagiarism against a well-known reviewer, highlighting ethical dilemmas and the need for integrity and collaboration among reviewers. Additional tools mentioned include Network Switch for toggling between 4G and 5G networks and Shizuku Dependency for unlocking advanced app functionalities. The importance of user involvement and support for indie developers is emphasized in fostering a vibrant Android community.

TrendTechie

July 18, 2025

Индийская Torrent Pharmaceuticals привлекла $2.3 млрд в рамках сделки с JB Chemicals

Torrent Pharmaceuticals Ltd. has secured a credit line of .3 billion to acquire a controlling stake in JB Chemicals & Pharmaceuticals Ltd. The credit facility is supported by banks including Barclays Plc, HSBC Holdings Plc, and Standard Chartered Plc, with a maturity period of up to four years. Torrent plans to purchase 53.8% of JB Chemicals from KKR & Co. for approximately .4 billion and has made a mandatory offer for an additional 26% of shares at 1,639 rupees per share. JB Chemicals' market valuation reached .6 billion in 2024, with a 20% increase in stock price. The Indian M&A landscape has seen an 18% increase in activity in 2025, despite an 8% decline in the Asia-Pacific region. JB Chemicals focuses on pharmaceutical products for various disorders and is headquartered in Mumbai, while Torrent Pharmaceuticals is based in Ahmedabad.

AppWizard

July 7, 2025

Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats

A concerning trend in mobile security shows that malicious applications and spyware are increasingly targeting Android users. Adware, particularly the Android.HiddenAds family, remains the most prevalent threat, despite a decrease in detections. The Android.MobiDash adware trojans have increased by over 11%. The Android.FakeApp malware, which disguises itself as legitimate applications, has seen a 25% decline in activity, primarily targeting Turkish and French-speaking users. The Android.Banker variant has surged by over 70%, indicating a rise in banking trojans. A large-scale crypto theft operation involved the Android.Clipper.31 trojan embedded in a modified WhatsApp version and low-cost Android firmware, which replaces cryptocurrency wallet addresses. Spyware named Android.Spy.1292.origin targets Russian military personnel through a counterfeit mapping application. Malicious applications continue to be found on Google Play, including adware disguised as cryptocurrency news apps and fake finance applications. The open nature of Android poses ongoing cybersecurity risks, even within official app stores.

AppWizard

April 25, 2025

Russian military personnel on the front lines targeted with new Android spyware

A sophisticated Android malware, identified as Android.Spy.1292.origin, targets Russian military personnel by disguising itself within a modified version of the Alpine Quest mapping application. This malware is designed to steal contacts and monitor locations, evading detection while collecting sensitive data such as the user's mobile phone number, contacts, current date, geolocation, information about files on the device, and the app's version. It is distributed through a dedicated Telegram channel and unofficial Android app repositories. The malware's modular architecture allows for updates that enhance its capabilities, particularly in extracting confidential documents exchanged via Telegram and WhatsApp.

AppWizard

April 24, 2025

Trojanized Alpine Quest app geolocates Russian soldiers

Russian soldiers are facing a digital threat from a modified Android application, Alpine Quest, which has been tampered with to track their locations and extract sensitive information. The malware, known as Android.Spy.1292.origin, was embedded in an older version of the app and distributed as a free upgrade to Alpine Quest Pro via a fraudulent Telegram channel. Once installed, the trojan collects various types of information, including geolocation, downloaded files, phone numbers, and app versions, and can download additional modules to exfiltrate specific files. Additionally, researchers at Kaspersky discovered a backdoor hidden in counterfeit software updates for ViPNet, a secure networking suite. The malware, disguised as msinfo32.exe, connects to a command-and-control server to steal files and deploy more malicious components. On the Ukrainian side, Russian operatives are conducting a phishing campaign targeting Ukrainian officials and allies, using social engineering tactics to hijack Microsoft 365 accounts. Attackers contact victims via messaging apps, invite them to video calls, and trick them into providing OAuth codes, granting access to their accounts.

Tech Optimizer

April 24, 2025

Meet Xata Agent: An Open Source Agent for Proactive PostgreSQL Monitoring, Automated Troubleshooting, and Seamless DevOps Integration

Xata Agent is an open-source AI assistant designed for PostgreSQL database site reliability engineering. It monitors logs and performance metrics to identify issues like slow queries and unusual connection counts, helping to maintain database integrity and performance. The tool automates tasks such as vacuuming and indexing and provides actionable recommendations through diagnostic playbooks and read-only SQL routines. The architecture is built as a Next.js application using TypeScript, organized in a monorepo structure. Developers can set up their environment using Node, install dependencies, and configure a local PostgreSQL instance with Docker Compose. Production deployment involves using Docker images and configuring environment variables in a production file. Key functionalities include proactive monitoring, configuration tuning, performance troubleshooting, safe diagnostics, cloud integration, alerting, LLM flexibility, and playbook customization. Developers can create new tools and integrate them into playbooks for cohesive workflows. Future plans include custom playbooks, support for Model Context Protocol, evaluation harnesses, approval workflows, and a managed cloud edition. The architecture promotes extensibility and community contributions, standardizing incident response and reducing human error in database management.

AppWizard

April 23, 2025

Russian army targeted by new Android malware hidden in mapping app

A new strain of Android malware, identified as 'Android.Spy.1292.origin' by Doctor Web, has been found in compromised versions of the Alpine Quest mapping application, which is popular among Russian soldiers for operational planning. Cyber attackers are distributing these trojanized versions as free alternatives to the premium app via Telegram channels and Russian app catalogs. The malware collects sensitive data, including the user's phone number, contacts, geolocation, and files, and can monitor real-time location changes. It also downloads additional modules to extract confidential files, particularly from Telegram and WhatsApp, and searches for location history logs within the app. This tactic is part of a broader trend of targeting military personnel for intelligence gathering, historically linked to Russian state-sponsored hacking operations.

AppWizard

April 23, 2025

Fake Alpine Quest Mapping App Spotted Spying on Russian Military

A malicious variant of the Alpine Quest navigation app has been identified, specifically targeting Russian military Android devices. Security experts from Doctor Web discovered that this modified app contains the Android.Spy.1292.origin spyware, which collects sensitive information and executes remote commands. The spyware is distributed as a free download through a deceptive Telegram channel, marketed as a premium version of the legitimate app. Upon installation, it transmits data such as the user's phone number, account details, contact list, geolocation data, and stored files to a remote server. It also communicates with a Telegram bot controlled by the attackers, providing updated location information. The spyware can download additional modules to extract specific content, particularly documents from messaging platforms like Telegram and WhatsApp. It searches for a file named locLog generated by Alpine Quest, which records user movements. Doctor Web advises against downloading apps from unofficial sources and warns that malicious applications can bypass review processes on official app stores. The identity of the group behind this campaign is unknown, but there are previous associations with Ukrainian hacktivist factions targeting Russian military personnel.