traffic Archives

AppWizard

June 17, 2026

New Rokarolla Android Trojan Targets 217 Banking and Crypto Apps

Zimperium’s zLabs researchers have analyzed a newly identified Android banking trojan named Rokarolla, which targets 217 distinct banking and cryptocurrency applications. It is distributed through malicious websites that impersonate popular platforms like TikTok and Google Chrome, with one identified distribution point being hxxps://infocontablidades[.]it[.]com/. The malware uses a dropper disguised as Google Play Protect to install a second-stage payload and gain Accessibility Services access, allowing it to simulate user interactions and manipulate on-screen elements. Rokarolla downloads counterfeit HTML login pages for targeted applications and overlays them to capture user credentials, including sensitive card information. It can also deploy a fraudulent PIN entry screen, read and send SMS messages, intercept one-time codes from banks, and block incoming calls. The malware rewrites the clipboard, operates a keylogger and screen content logger, and scrapes WhatsApp contact data. It captures screenshots without alerting users and has a resilient command-and-control infrastructure with multiple fallback domains. No product flaws are exploited, and defenses against it include installing apps only from Google Play and being cautious with Accessibility Services. Zimperium’s Mobile Threat Defense and zDefend products can detect Rokarolla, and a list of indicators of compromise is available on their GitHub repository.

Winsage

June 17, 2026

Windows SprySOCKS Malware: Advanced Kernel-Level Rootkit Targets Government Organizations via Supply Chain Vulnerabilities

The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.

Winsage

June 16, 2026

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS, which were previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of a potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.

Tech Optimizer

June 16, 2026

Subscription twist: Norton 360 Deluxe adds more than just antivirus

Norton 360 Deluxe is a mid-tier security subscription from Gen Digital that offers antivirus protection, a VPN, a password manager, dark web monitoring, and parental controls for up to five devices. It includes real-time threat protection, a firewall, ransomware shielding, and cloud backup of up to 50 GB for Windows users. The parental controls, known as Norton Family, allow monitoring of children's online activities. The Secure VPN encrypts internet traffic on public Wi-Fi and masks IP addresses. The package also features PC SafeCam for webcam security and a smart firewall. Norton 360 Deluxe is marketed with a promotional first-year rate, with higher renewal prices, and is available through digital subscriptions, app stores, and major retailers. The product is designed for households and individuals seeking comprehensive security solutions.

AppWizard

June 15, 2026

Facebook, Messenger, Instagram outage trends on X

On the evening of June 12, 2026, users in the Philippines and globally reported widespread outages on Meta's platforms, including Facebook, Instagram, and Messenger. At approximately 8:54 a.m. US time, Downdetector recorded over 113,000 outage reports, with 56% related to the mobile app, 25% to login difficulties, and 13% to the website. Meta's communications director, Andy Stone, acknowledged the issue on X, stating the company was working to restore services. Users expressed confusion and humor about the situation, with many fearing their accounts had been hacked. The outage affected millions worldwide, and the spike in traffic to Downdetector's site caused it to temporarily crash. Users felt relief upon realizing the outages were a global issue rather than isolated incidents.

AppWizard

June 15, 2026

Samsung MAX VPN goes offline today, leaving Android users searching for alternatives

Samsung MAX VPN has officially reached its end of life as of June 15, 2026, leaving over 50 million users without its privacy and data-saving features. The app, which was designed to mask IP addresses and compress mobile data, will no longer function as intended unless uninstalled. Users are encouraged to seek third-party VPN alternatives for online security, as the app will remain on devices but will not provide any services. The Google Play Store offers numerous highly rated third-party VPN applications, including free options, and users should review logging policies and server locations to maintain privacy.

AppWizard

June 14, 2026

Facebook and Messenger hit by global outage

On June 12, users globally experienced significant disruptions on Facebook and Messenger starting around 7:45 PM Bangladesh time. Desktop users received an error message, while mobile app users faced frozen pages. Many were logged out of Messenger and saw an "Unable to log in" message. Initially, WhatsApp and Instagram appeared operational, but later reports indicated disruptions on Instagram and Threads, with the web version of WhatsApp also down for some users. Outage monitoring platforms Downdetector and Is It Down Right Now became inaccessible due to high traffic. By 8:18 PM, some users reported regained access to Facebook and Messenger, although issues persisted. Services for Facebook began restoring around 8:19 PM, with peak outage reports at 7:49 PM totaling 2,738 complaints. In the U.S., peak reports reached 113,843 at 7:55 PM. By the end of the evening, most services, including Facebook, Messenger, and WhatsApp, were accessible again, though sporadic issues remained for some users.

Winsage

June 13, 2026

Windows Server is getting new network safety capabilities with DNS over HTTPS

Microsoft has introduced DNS over HTTPS (DoH) on Windows Server 2025, enhancing network security by encrypting DNS traffic for client-to-server communications. This feature, previously available only in Windows client editions, is now part of Microsoft's Zero Trust architecture. DoH routes DNS traffic through HTTPS secured with TLS certificates, preventing eavesdropping and safeguarding DNS data from tampering. It adheres to the IETF DNS over HTTPS standard (RFC 8484) and can integrate with existing infrastructure, allowing organizations to maintain unencrypted DNS traffic if needed. DoH is available for Windows Server 2025 systems updated to the latest Patch Tuesday release, and Microsoft has provided guidance on enabling this feature. However, DNS traffic exchanged between two DNS servers will not be encrypted by DoH.

Winsage

June 13, 2026

Windows Server 2025 Adds DNS Over HTTPS for Secure DNS Traffic

Microsoft has rolled out support for DNS over HTTPS (DoH) in Windows DNS Server as part of the Windows Server 2025 update. This feature enhances the security of DNS communications through encryption and server authentication, allowing encrypted client-to-resolver traffic in on-premises DNS environments. DoH encrypts DNS queries and responses using HTTPS, protecting sensitive information from interception or alteration. It also uses digital certificates for DNS server authentication to reduce spoofing and impersonation risks. The feature is compatible with existing Windows DNS Server configurations and supports both encrypted and traditional DNS. DoH support is available on Windows Server 2025 with the June 9, 2026 update or newer. Administrators must configure a trusted TLS certificate and enable DoH in the DNS Server service to deploy this feature. Microsoft plans to extend encryption capabilities to include communication between the Windows DNS Server and upstream DNS resolvers in the future.

AppWizard

June 13, 2026

Facebook, Instagram, Messenger Outages: What We Know So Far

At 2:45 PM UK time, users experienced disruptions across Facebook and Messenger, encountering error messages. Other Meta services, including Instagram and WhatsApp, also faced issues globally. Meta's communications chief, Andy Stone, acknowledged the problem on X, stating they were working on it. By 3:38 PM UK time, some users reported regaining access to Facebook, while Messenger saw a spike in outages around 2:22 PM, which later decreased. Instagram had increased outage reports, while WhatsApp appeared to function normally. The cause of the outages is unclear, and Meta has not yet responded to inquiries. Meta services share server infrastructure, meaning issues can affect multiple platforms. In the past, Meta experienced a significant outage in 2021 due to an erroneous command affecting its network. The cause of the 2026 outages remains undetermined.