trojan Archives

AppWizard

March 19, 2026

RUSSIA Mammut virus hits Russia’s patriotic messaging app

A virus known as Mamont is targeting users of the messaging platform Max, which has 100 million registered profiles. Mamont infiltrates online banking applications and spreads primarily through family and parental chat groups, allowing cybercriminals to steal payment information. The virus often begins with a deceptive message prompting users to click, leading to the silent download of a Trojan that siphons off data. Despite claims from the Max press service that the virus's spread is exaggerated, concerns remain about the security of user data, particularly given that all communications on Max are monitored by the state. Many users resort to using a second device, referred to as Maxofon, to comply with the platform's requirements while keeping their primary device for other applications.

AppWizard

March 19, 2026

New Android malware hiding in streaming apps to spy on users’ personal notes

Researchers have discovered a sophisticated malware called Perseus that targets Android users by disguising itself within television streaming applications to steal sensitive information, including passwords and banking details. This malware, reported by ThreatFabric, primarily affects users in Turkey and Italy and is based on the leaked code of previous Android banking trojans, particularly Cerberus. Perseus masquerades as IPTV service apps, often downloaded from unofficial sources, and employs overlay attacks and keylogging techniques to capture user credentials. It specifically targets personal note-taking applications like Google Keep, Evernote, and Simple Notes to extract sensitive information stored within them. The malware landscape is evolving, with new threats like the banking trojan Herodotus and the Crocodilus variant, which can manipulate contact lists. Users are advised to be cautious when downloading applications from unofficial sources.

AppWizard

March 17, 2026

The FBI is investigating malware hidden inside games hosted on Steam

The FBI is investigating a hacker responsible for releasing several video games with embedded malware on the Steam platform. The suspected games include BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova. These games were developed over the past two years and posed risks to gamers who downloaded them. This incident follows a similar event from the previous year when malware-laden games were also uploaded to Steam. Neither Valve nor the FBI has commented on the investigation.

AppWizard

March 13, 2026

Did a Steam Game Give Your PC Malware? The FBI Wants to Know

The FBI has launched an investigation into malware threats associated with PC games on Steam, particularly targeting users from May 2024 to January 2026. The games identified include BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova, all linked to malware incidents. For example, PirateFi was designed to steal browser cookies, Chemia updated itself with malicious software, and BlockBlasters was identified as a Trojan that siphoned cryptocurrency. The FBI's alert also mentions Lampy, which may harbor malware. Valve, the parent company of Steam, has not responded to inquiries but has warned users about the affected games. The investigation suggests a potential link to a single group or individual, with reports indicating that victims were lured through Telegram messages offering free game keys or job opportunities.

AppWizard

March 12, 2026

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Cybersecurity researchers have identified six new families of Android malware designed to extract sensitive data and facilitate financial fraud. Notable threats include: - PixRevolution: Targets Brazil's Pix payment platform, activates during Pix transfers, and uses real-time monitoring to intervene in transactions. Victims are tricked into installing malicious apps from counterfeit Google Play Store listings, which enable accessibility services for the malware to capture screens and overlay fake interfaces to reroute funds. - BeatBanker: Spreads through phishing attacks disguised as legitimate Google Play Store pages. It uses an inaudible audio loop for persistence, functions as a banking trojan, and includes a cryptocurrency miner. It creates deceptive overlays for platforms like Binance and Trust Wallet to divert funds and can monitor web browsers and execute remote commands. - TaxiSpy RAT: Exploits accessibility services to gather sensitive information such as SMS messages and call logs, targeting banking and cryptocurrency applications with overlays for credential theft. It employs advanced evasion techniques like native library encryption and real-time remote control. - Mirax: A private malware-as-a-service (MaaS) offering with a subscription model that provides tools for banking overlays and information gathering, including keystrokes and SMS. - Oblivion: Another Android RAT available at a competitive price, featuring capabilities to bypass security measures on various devices. - SURXRAT: Distributed through a Telegram-based MaaS ecosystem, it uses accessibility permissions for persistent control and communicates with a Firebase-based command-and-control infrastructure. Some samples incorporate a large language model component, indicating experimentation with AI by threat actors.

AppWizard

March 11, 2026

New BeatBanker Android malware poses as Starlink app to hijack devices

A newly identified Android malware called BeatBanker disguises itself as a Starlink application on fake Google Play Store websites. It functions as a banking trojan and includes Monero mining capabilities, allowing it to steal credentials and manipulate cryptocurrency transactions. Researchers at Kaspersky traced BeatBanker to campaigns targeting users in Brazil. The latest version uses the BTMOB RAT for remote access, enabling keylogging, screen recording, camera access, GPS tracking, and credential capture. BeatBanker is distributed as an APK file that decrypts and loads hidden code into memory, conducting environment checks before activation. It presents a fake Play Store update screen to trick users into granting permissions for additional payloads. To avoid detection, it delays malicious operations and plays a nearly inaudible MP3 file to maintain persistent activity. The malware uses a modified version of the XMRig miner to mine Monero on Android devices, connecting to mining pools through encrypted TLS connections. It can start or stop mining based on device conditions and uses Firebase Cloud Messaging to relay device information to its command-and-control server. Currently, BeatBanker infections have only been observed in Brazil, but there are concerns about its potential spread. Users are advised to avoid side-loading APKs from untrusted sources and to review app permissions regularly.

Winsage

March 2, 2026

Fake Xeno and Roblox Utilities Used to Install Windows RAT, Microsoft Warns

Cybersecurity experts at Microsoft Threat Intelligence have identified a trend where attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. These trojanized executables, such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader, installing a portable Java runtime environment and launching a harmful Java archive, jd-gui.jar. Attackers use built-in Windows tools to execute commands via PowerShell and exploit trusted system binaries, minimizing detection risk. The embedded PowerShell script connects to remote locations, downloads an executable as update.exe, and executes it. The malware erases evidence of the downloader and modifies Microsoft Defender settings to allow RAT components to function undetected. It establishes persistence through scheduled tasks and a startup script named world.vbs, enabling prolonged access to the compromised device. Microsoft Defender can detect the malware and its behaviors, and organizations are advised to monitor outbound traffic and block identified domains and IP addresses. Users are encouraged to scrutinize Microsoft Defender exclusions and scheduled tasks for irregularities and remain cautious about downloading tools from unofficial sources.

Tech Optimizer

March 2, 2026

Is Bitdefender Antivirus Better Than McAfee? What Consumer Reports Data Says

Consumer Reports evaluates antivirus software, assigning ratings out of five across factors such as protection, ease of use, and data privacy, culminating in a score out of 100. Top contenders include Bitdefender, McAfee, Norton, Avira, and Avast. Bitdefender specializes in anti-malware protection and offers a free version, while McAfee is a full security suite with a subscription model. Bitdefender slightly outperforms McAfee in overall ratings, though both scored equally in six categories during lab tests. McAfee includes features like a firewall and password manager, which Bitdefender lacks. Consumer Reports also assessed Bitdefender's paid security suites, which include more features than the free antivirus version and outperform McAfee Total Protection in functionality. Bitdefender's suites include features like spam filters, parental controls, and banking protection, while Consumer Reports rates Bitdefender higher overall.

Tech Optimizer

February 25, 2026

Effective ways to prevent the download of malicious code

Malware is malicious software designed to disrupt normal system operations, often infiltrating devices through activities like web browsing or opening documents. In 2023, SonicWall Capture Labs reported over 6 billion malware attacks, an 11% increase from the previous year. Common types of malware include viruses, worms, Trojans, spyware, adware, ransomware, fileless malware, and bots. Malware spreads through email attachments, phishing links, compromised websites, fake apps, and removable media. Its effects can include performance issues, data theft, and financial damage. Signs of malware presence include sluggish performance, unexpected crashes, and unauthorized changes. Recommended actions if malware is suspected include disconnecting the device, running a malware scan, and changing passwords. Preventative measures include using security software, practicing safe browsing, keeping software updated, and building security awareness.

Tech Optimizer

February 24, 2026

Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign

A cyber operation is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that leads to the installation of ValleyRAT, a remote access trojan. The malware employs various techniques to evade detection, including using an intermediary domain for downloads, creating Windows Defender exclusions, and establishing a scheduled task for persistence. The backdoor facilitates activities such as keylogging and credential access while disguising its operations within legitimate processes like rundll32.exe. Attribution points to the Silver Fox APT group, and there has been a significant increase in ValleyRAT samples documented in recent months. Security measures include ensuring software downloads are from the official site and monitoring for specific malicious activities.