threats Archives

AppWizard

May 13, 2026

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Google introduced a new opt-in feature for Android users called Intrusion Logging, which enhances the analysis of spyware attacks as part of the Advanced Protection Mode. Developed with Amnesty International and Reporters Without Borders, it logs daily device and network activities, including app activity, installations, network connections, file transfers, system certificate modifications, and device lock events. The log data is encrypted and stored securely, accessible only to the device owner. Logs are retained for 12 months and cannot be deleted by users before expiration, though they can be downloaded for offline storage. Intrusion Logging also records network events during Chrome's Incognito mode. This feature is beneficial for high-risk individuals who may be targets of surveillance. Users can access the logs through the Settings app, and the rollout is underway for devices with the Android 16 December update and newer. Additionally, Google announced other privacy and security features, including a verified financial call feature to combat scams, expansion of Live Threat Detection, evaluation of APK files for malware, revocation of accessibility services API access from non-designated apps, and enhancements to Find Hub's Mark as Lost feature. Other updates include improved device recovery options, enhanced privacy controls, introduction of AISeal with pKVM, expansion of Binary Transparency, protection against OTP theft, and strengthening data protection with post-quantum cryptography.

AppWizard

May 12, 2026

Android Apps on Windows 11: Safe Alternatives After WSA

In 2025, Microsoft announced it would discontinue support for the Windows Subsystem for Android (WSA), making Android applications non-functional on Windows 11. This decision surprised many users in Indonesia who relied on these applications. HP developed a guide outlining secure alternatives to WSA, which included reputable Android emulators like BlueStacks, LDPlayer, and NoxPlayer, as well as native Windows alternatives such as Microsoft Teams and Microsoft 365 apps. Users were advised against unverified APK sideloading, unofficial emulators, and modified apps due to security risks. Microsoft’s end of support means no further security updates or bug fixes will be provided, and integration with the Amazon Appstore will cease. Users can continue using WSA apps, but they will be exposed to potential security threats. To migrate data from WSA, users were instructed to inventory apps, research alternatives, and export app data before performing a clean uninstall. Best practices for running Android apps safely on Windows included downloading from official sources and keeping software updated.

AppWizard

May 12, 2026

DIRECTIVE 8020 Launches Today on PlayStation 5, Xbox Series X|S and PC (Steam)

Supermassive Games has released Directive 8020, a narrative sci-fi survival horror game available on PS5, Xbox Series X|S, and PC (Steam). The game is set on Tau Ceti f, where the colony ship Cassiopeia crash-lands, and the crew encounters a mimicking alien organism. Players face moral dilemmas and must navigate trust issues while making decisions that affect character survival. The game features a new Turning Points story tree, real-time alien threats, and a couch co-op Movie Night mode for up to five players, with online multiplayer planned for a future update. Lashana Lynch voices pilot Brianna Young in the game.

Tech Optimizer

May 12, 2026

Trend Micro Inc stock (JP3180400008): Trading at premium to fair value estimate

Trend Micro Inc (TSE: 4704) is trading at ¥6,178.00, which is a 698% premium over Morningstar's estimated fair value of ¥8,415.77 for May 2026. The company specializes in cybersecurity solutions, including antivirus software and cloud security, with a subscription-based business model. Its core markets include Japan, North America, Europe, and Asia-Pacific, with significant revenue from enterprise security solutions like the Trend Micro Vision One XDR platform. The company has a Price/Earnings ratio of 20.02, a Quick Ratio of 1.10, and a Return on Assets of 13.52%. The rising demand for cybersecurity, particularly in North America, is a key revenue driver. Trend Micro's portfolio includes AI-powered threat intelligence and mobile security solutions, targeting sectors like finance and healthcare. The company is positioned favorably against competitors and offers U.S. investors access through American Depository Receipts (ADRs).

AppWizard

May 12, 2026

TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps

TrickMo, an Android banking malware, has re-emerged with enhanced stealth and operational capabilities, targeting banking, fintech, wallet, and authenticator apps. It retains its core device takeover abilities while improving stealth, persistence, and flexibility. The malware persuades users to grant accessibility permissions, allowing full remote control, including real-time screen viewing. A significant advancement is its shift to The Open Network (TON) for command-and-control communication, complicating takedown efforts. TrickMo has been actively deployed in France, Italy, and Austria since early 2026, using fake login overlays to capture credentials while recording user activity. It communicates through .adnl endpoints within the TON network and employs DNS-over-HTTPS for encrypted DNS queries. The malware's modular design includes a primary application as a loader and a dynamically loaded APK module called “dex.module” for malicious capabilities. It features network reconnaissance and tunneling capabilities, allowing commands like HTTP probing and establishing SSH tunnels, which can bypass fraud detection systems. Dormant features suggest potential for future capabilities without altering the core application. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo's various components.

AppWizard

May 11, 2026

This week in PC games: Subnautica 2 early access, a Battlestar Galactica roguelite, and Directive 8020 disproving the old saying about space and screaming

Edwin, the news editor, has chosen to spend his morning away from work, avoiding the usual adventure involving the Maw. Upcoming PC game releases include: - Outbound: A crafting-centric van life simulator. - Battlestar Galactica: Scattered Hopes: A roguelite strategy game. - Greenhearth Necromancer: A semi-idle sim combining urban farming and magic. - Don't Panic! It is Just Turbulence: A co-op experience navigating a cockpit. Notable horror and adventure titles set to release are: - Directive 8020: A horror game set in a sci-fi space colony. - Call of the Elder Gods: A Lovecraftian-themed sequel to Call of the Sea. - Elfie: A Sand Plan: A creative game about building sandcastles. Significant developments in gaming include: - Subnautica 2: Launching in early access after legal challenges. - Hotel Architect: Officially launching after a successful early access period. - RoadOut: A pixel art action-RPG combining shooting mechanics with driving. - American Truck Simulator – Illinois: An expansion completing Route 66. - The Caribou Trail: A narrative-driven game about World War I soldiers. Julian is looking forward to transitioning away from Trello, the guides team is focused on Subnautica 2, and Mark is engaged with a racing title under embargo.

AppWizard

May 11, 2026

Jewish teen subjected to antisemitic slurs on Minecraft, inquiry told

A Perth teenager shared his experience of online bullying during a Royal Commission on Antisemitism and Social Cohesion hearing, detailing how classmates hurled antisemitic slurs at him while playing Minecraft. He felt isolated and distressed, confiding in his parents, who reported the bullying to the school. The school addressed the situation, leading to apologies from the students involved. The boy's mother expressed concerns about rising antisemitism, drawing parallels to her past experiences in the former Yugoslavia. Rabbi Menachem Dadon honored his friend Rabbi Eli Schlanger, who was killed in a shooting attack. Julie Nathan from the Executive Council of Australian Jewry reported a 316 percent increase in antisemitic incidents from 2023 to 2024, with over 1,600 incidents recorded in the past year. Musician Joshua Moshe faced online abuse after discussing Jewish history in a WhatsApp group, leading to threats and vandalism. Musician Deborah Conway experienced backlash and harassment after comments about military actions in Gaza, resulting in canceled gigs and protests. The Royal Commission continues to investigate antisemitism, having received over 9,600 submissions, primarily from Jewish individuals.

Winsage

May 11, 2026

Rustinel: Open-source endpoint detection for Windows and Linux

Open-source endpoint detection tools have typically been divided between Windows and Linux, with Windows solutions focused on Sysmon and Linux solutions on eBPF or auditd. Rustinel is a Rust-based endpoint agent that consolidates these efforts by gathering telemetry from both operating systems using ETW on Windows and eBPF on Linux, normalizing the data into a unified model. It evaluates the information against Sigma rules, YARA signatures, and atomic indicators of compromise, storing alerts in ECS-compatible NDJSON format for integration with SIEM or log-analysis platforms. Rustinel supports a range of events on Windows, including process creation, network activity, and PowerShell executions, while Linux support currently includes process, network, file, and DNS telemetry. It operates in user mode on both platforms, requiring specific conditions for installation. Unlike commercial EDR solutions that use kernel drivers, Rustinel's user-mode design prioritizes simplicity and stability, although it acknowledges limitations in tamper resistance and visibility. The agent utilizes three detection engines: Sigma for behavioral matching, YARA for scanning executables, and an IOC engine for deterministic checks. While it leverages existing content familiar to defenders, it has coverage gaps for certain advanced threats. Rustinel is available on GitHub under the Apache 2.0 license.

Winsage

May 10, 2026

Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

Between May 6 and May 7, 2026, the official JDownloader website was compromised in a supply chain attack, leading to the distribution of malicious installers for Windows and Linux users. Attackers altered download links, redirecting users to harmful files, specifically targeting the Windows “Alternative Installer” and the Linux shell installer. A Reddit user reported the issue after Microsoft Defender flagged the installers as malicious, noting unusual developer names instead of the expected publisher, AppWork GmbH. JDownloader developers confirmed the breach and temporarily took down the website for investigation, revealing that an unpatched vulnerability in the content management system allowed the attackers to modify download pages. The genuine installer packages were not altered, and the malicious links were removed. The website was restored on May 8–9, 2026, with verified clean installer links. Indicators of compromise included specific hashes and compromised URLs related to the attack.

Tech Optimizer

May 10, 2026

‘People use smartphones more but invest less in their security’: New report claims McAfee and Norton remain the most loved antivirus brands as users ditch lesser-known security products for free tools like Microsoft Defender or Apple Xprotect

Recent findings indicate that only 18% of American smartphone users invest in third-party antivirus software, despite the increasing reliance on mobile devices. A survey of over 1,000 adults revealed a significant gap in mobile security awareness. The adoption of paid antivirus solutions on computers has increased by 2% to 41%, while the use of third-party antivirus on mobile devices has decreased by approximately 10%, from 28% to 18%. Although ransomware attacks on smartphones are less common, many users may underestimate modern cyber threats. A considerable number of mobile users remain unprotected or unsure about their device security measures.