trusted applications Archives

Winsage

January 31, 2026

Windows security breaks ROG Xbox Ally handheld game consoles

Microsoft's Windows Smart App Control feature has flagged essential software components of the Asus ROG Xbox Ally gaming handheld as untrustworthy following a recent update to Windows 11. This issue affects the Armoury Crate CE software, which manages the hardware functionality of the device, leading to difficulties in launching games outside of the Xbox app and adjusting performance settings. The problem may stem from inadequate configuration of certificates by Asus or the need for an update to Microsoft's trusted application database. Many Windows 11 PCs do not have Smart App Control activated, and users can disable it through SETTINGS > APP AND BROWSER CONTROLS > SMART APP CONTROL SETTINGS. If users choose to disable it, they may later need to reset or reinstall Windows to reactivate Smart App Control. ROG Xbox Ally owners are currently faced with the choice of waiting for a fix or disabling the security feature.

Tech Optimizer

December 25, 2025

New malware can read your chats and steal your money

The Android banking trojan Sturnus has emerged as a significant cybersecurity threat, capable of taking control of a device's screen, stealing banking credentials, and accessing encrypted communications from trusted applications. It operates stealthily, capturing decrypted messages without breaking encryption. To protect against Sturnus, users should employ robust antivirus software, be vigilant with app prompts, and exercise caution with links and attachments, as malware is often spread through these channels. Attackers can remotely control devices to execute financial transactions without user knowledge.

Winsage

December 18, 2025

Microsoft Eases Windows 11 Smart App Control with Toggle Option

Microsoft's Smart App Control feature in Windows 11 is designed to evaluate and block potentially harmful applications by cross-referencing them against a database of known safe software. Initially, it required a clean installation to enable or disable, which hindered its adoption. Recent updates have removed this requirement, allowing users to toggle the feature on or off directly through the Windows Security app without a system reset. This change addresses user complaints and enhances usability, particularly for developers and IT professionals managing multiple devices. The feature employs artificial intelligence for real-time decisions on app safety and integrates with other Microsoft security tools. Feedback from the tech community has been positive, highlighting the update as a significant improvement in balancing security and user flexibility.

AppWizard

December 17, 2025

Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) called Cellik has appeared on underground cybercrime forums, offering capabilities for a subscription fee of 0 per month or a one-time payment of ,000 for lifetime access. This malware can be embedded into any app on the Google Play Store, creating trojanized versions of popular applications while maintaining the original app's interface. Cellik includes features such as real-time screen capture, interception of app notifications, filesystem access, data wiping, and secure communication with a command-and-control server. It also has a hidden browser mode that allows attackers to use the victim's stored cookies and an app injection system for overlaying fake login screens. The malware can inject payloads into installed apps, complicating detection. Cellik is designed to bypass Google Play security features, raising concerns about the effectiveness of automated reviews and device-level scanners.

AppWizard

November 26, 2025

Zimperium research reveals security risks inside Android apps

Zimperium's zLabs team has revealed that many popular Android applications still use an outdated mapping component, libmapbox-gl.so, which was deprecated in 2023. This legacy library is embedded in thousands of active applications, including leading travel, airline, and weather apps, and contains known security vulnerabilities that could be exploited by malicious actors. Zimperium is working with Google through the App Defense Alliance to improve app security and advises developers to switch to Mapbox Maps SDK v10+ or MapLibre. Their analysis found that thousands of Android apps contain the vulnerable library, with 40% of these apps ranking among the top 20 in their Play Store categories, posing significant risks for employee devices and enterprise security.

Winsage

November 19, 2025

Windows 11’s November Insider update brings new features and reveals a new version

Microsoft has unveiled several preview builds for Windows 11 in November 2025, including versions 25H2 and 26H1. The notable updates include: - Windows 11 build 26220.7070 introduces a redesigned Widgets board with a new "Discover" section, improved navigation, and alert badges on icons. - The Quick Machine Recovery feature now scans for fixes only once and offers alternative recovery options if no solution is found. - Smart App Control can now be toggled on or off without reinstalling Windows 11. - New widget options have been added to the Lock Screen settings, allowing customization of displayed widgets. - A drag tray feature in the Canary Channel simplifies file sharing from File Explorer or the desktop. - Build 28000 in the Canary Channel is the first preview of Windows 11 version 26H1, focusing on compatibility with newer hardware. - New agentic AI components are being integrated into Windows 11, allowing applications like Copilot to automate tasks. - Haptic feedback capabilities have been introduced for digital pen users. - The Narrator and Magnifier features now use high-definition voices for improved clarity and support structured math reading in Word.

Winsage

November 18, 2025

Microsoft Unveils Windows 11 Security, Resilience Features

Microsoft is enhancing the security framework of Windows through the Secure Future Initiative, focusing on trust, privacy, and enterprise controls. Key features include the introduction of Post-Quantum Cryptography (PQC) APIs for quantum-safe encryption, and an upgrade to BitLocker with hardware-accelerated support for improved disk encryption, set to roll out on new Windows 11 devices in Spring 2026. Microsoft is also integrating passkey manager support with Windows Hello, allowing users to choose from various passkey managers. Windows 11 employs App Control for Business to ensure only trusted applications run, while Microsoft Intune’s Managed Installer helps IT teams manage business applications. Additionally, Sysmon functionality will be integrated into Windows 11 and Windows Server 2025 for better threat detection. Microsoft is implementing Zero Trust DNS for encrypted name resolution and supporting Wi-Fi 7 for Enterprise with WPA3-Enterprise authentication. The Windows Resiliency Initiative (WRI) includes stricter driver standards, a shift in antivirus enforcement from kernel to user mode, and new safeguards like driver isolation and DMA remapping to enhance system stability.

Tech Optimizer

November 17, 2025

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

The threat actor Dragon Breath, also known as APT-Q-27 and Golden Eye, has been observed using a multi-stage loader called RONINGLOADER to deploy a modified variant of the remote access trojan Gh0st RAT, primarily targeting Chinese-speaking users. The campaign employs trojanized NSIS installers disguised as legitimate applications, such as Google Chrome and Microsoft Teams. The infection chain utilizes various evasion techniques, including a legitimately signed driver, custom Windows Defender Application Control policies, and manipulation of the Microsoft Defender binary. RONINGLOADER's attack chain involves delivering a DLL and an encrypted file labeled "tp.png," which contains shellcode. It attempts to neutralize security products by terminating processes associated with popular antivirus solutions in the region. Specific actions are taken against Qihoo 360 Total Security, including blocking network communication, injecting shellcode into the Volume Shadow Copy service, and restoring firewall settings. For other security processes, RONINGLOADER directly writes a driver to disk to perform process termination. The malware aims to inject a rogue DLL into "regsvr32.exe" to conceal its activities and launch a next-stage payload into high-privilege system processes. The final payload is a modified version of Gh0st RAT, capable of communicating with a remote server, configuring Windows Registry keys, clearing Windows Event logs, and capturing keystrokes and clipboard contents. Additionally, two interconnected malware campaigns identified by Palo Alto Networks Unit 42 employed brand impersonation to deliver Gh0st RAT to Chinese-speaking users. The first campaign, Campaign Trio, occurred between February and March 2025, while the second, Campaign Chorus, detected in May 2025, impersonated over 40 applications. Both campaigns utilized complex infection chains and trojanized installers hosted on domains that circumvented network filters. The second campaign also involved an embedded Visual Basic Script for launching the final payload through DLL side-loading.

Tech Optimizer

November 13, 2025

Antivirus is dead. Or is it?

Lukas Pelser from Sophos discusses the complex relationship users have with antivirus software, often seen as necessary but criticized as bloatware due to frequent notifications. The legacy of John McAfee influences public perception of antivirus solutions. While some believe digital safety relies on common sense, this approach is inadequate in corporate environments where security practices may be lax. Antivirus software has evolved since the 1970s from detecting known malware to struggling against sophisticated cybercriminal tactics. This evolution highlights the need for businesses to update their cybersecurity strategies to address shifting threats effectively.

AppWizard

October 15, 2025

Android’s Strandhogg 2.0 Vulnerability Enables App Hijacking and Data Theft

A recently discovered vulnerability in Android devices, named Strandhogg 2.0, allows malicious applications to hijack legitimate ones and extract sensitive information without user awareness. This flaw affects nearly all devices running Android 9.0 or older, exploiting weaknesses in app permissions and task management. Attackers can overlay deceptive interfaces on trusted applications, capturing user credentials in real time. The vulnerability poses risks not only to individual users but also to enterprises relying on Android, as sensitive business data could be compromised. Google has acknowledged the issue and issued patches, but the slow rollout means many devices remain exposed. Users are advised to update their devices and scrutinize app permissions, while developers should implement stronger authentication mechanisms. The incident may lead to regulatory scrutiny for stricter security standards in the mobile sector.