unknown sources Archives

AppWizard

April 14, 2026

Mirax RAT Targets Android Devices Through Meta Apps

Mirax is a remote access Trojan (RAT) targeting Android devices in Spanish-speaking countries, identified by Outpost24's KrakenLabs in early March. It propagates fraudulent advertisements on Meta-owned applications, allowing cybercriminals to gain initial access. Mirax can interact with compromised devices in real time, converting them into residential proxy nodes through ads on platforms like Facebook and Instagram. It uses SOCKS5 protocol and Yamux multiplexing to establish proxy channels and uncover victims' IP addresses. The malware captures keystrokes, steals sensitive data, executes commands, and monitors user activity. It employs overlay pages to steal credentials and orchestrates distribution through Meta ads and GitHub for malicious APK files. Users are tricked into enabling installations from "unknown sources," and the malware disguises itself behind video playback features. Additionally, a threat actor has been offering Mirax as a malware-as-a-service (MaaS) on illicit forums, with subscription prices starting at ,500 for three months. This service is described as highly controlled and exclusive, primarily targeting Russian-speaking actors in underground communities.

Tech Optimizer

April 3, 2026

Why I Use Additional Antivirus Protection on Top of Microsoft Defender

Microsoft Defender has evolved into a reliable security tool, integrating seamlessly with the Windows operating system and offering features such as real-time malware scanning, cloud-based threat intelligence, collaboration with the Windows firewall, and ransomware protections. It receives automatic updates through Windows Update, providing users with up-to-date threat definitions. While Defender is sufficient for users with straightforward online activities, those engaging in riskier behaviors or handling sensitive information may benefit from additional protection. Some antivirus solutions offer features that Defender lacks, such as enhanced web protections, phishing defenses, and parental controls. The text mentions that the author uses Bitdefender alongside Microsoft Defender for added security, citing its stronger web protections and broader range of tools. It emphasizes that effective security also relies on user habits, including keeping software updated, avoiding suspicious downloads, using strong passwords, and regularly backing up data.

AppWizard

March 29, 2026

Google just gave Android power users a huge sideloading win

Google is implementing a mandatory 24-hour waiting period for installing applications from unverified developers on Android devices to enhance security and deter scams. Users can still bypass this waiting period by using ADB commands or by permanently enabling installations from unverified developers. Once users complete the process to lift restrictions on installing apps from unverified developers, they can carry this option over to new devices without needing to repeat the process. The new advanced flow for this installation method will begin rolling out for Android users in August.

AppWizard

March 20, 2026

Google Unveils New Process For Installing Unverified Android Apps

Google is implementing stricter measures for installing Android applications outside of its Play Store, requiring all apps to be signed by verified developers. Users will now access the Allow Unverified Packages setting through Developer Options, with a 24-hour security delay after device restarts. A limited free developer account option allows only 20 device installations, with a fee and government-issued ID required for more. These changes will affect third-party app stores, which must also comply with the new verification requirements. Scammers may still find ways to bypass these restrictions.

AppWizard

March 19, 2026

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have identified a new family of Android malware called Perseus, designed for device takeovers and financial fraud. It utilizes Accessibility-based remote sessions for real-time monitoring and interaction with infected devices, particularly targeting Turkey and Italy. Perseus monitors user notes to extract personal or financial information and is distributed through dropper applications via phishing websites. It expands on the codebase of previous malware like Phoenix and employs disguises as IPTV services to reduce user suspicion. Once operational, it performs overlay attacks and captures keystrokes to steal credentials from financial applications. The malware allows operators to issue commands through a command-and-control panel, enabling various malicious actions, including capturing note content and initiating remote visual streams. Perseus also conducts environment checks to evade detection and ensure it operates on legitimate devices.

BetaBeacon

March 17, 2026

How to Play Original Xbox Games On Android : Requirements, Install Steps & Tweaks

The X1 Box emulator allows Android devices to run original Xbox games, requiring specific requirements such as Android 8+, a 64-bit ARM processor, Vulkan-compatible GPU, and at least 8GB of RAM. Additional features like save states, controller support, and shader caching enhance gameplay, while limitations such as app crashes and performance variability may occur on less powerful devices.

AppWizard

March 16, 2026

Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services

Android 17 has introduced Advanced Protection Mode (AAPM) to enhance user security by preventing non-accessibility applications from using the Accessibility API, which has been exploited by malware. AAPM allows only verified accessibility tools to utilize the API and implements stricter security settings, including blocking installations from unknown sources, limiting USB data access, and mandating Google Play Protect scans. Applications must declare themselves as accessibility tools with the attribute isAccessibilityTool="true" to use the Accessibility Services API. Additionally, Android 17 features a new contacts picker that allows applications to request access to specific contact fields instead of the entire address book, enhancing user privacy.

AppWizard

March 16, 2026

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Google is piloting a security enhancement in its Android Advanced Protection Mode (AAPM) that restricts certain applications from using the accessibility services API. This update is part of Android 17 Beta 2. AAPM, introduced in Android 16, enhances device security by blocking app installations from unknown sources, restricting USB data signaling, and mandating Google Play Protect scanning. Developers can integrate with AAPM through the AdvancedProtectionManager API to adapt their apps based on the security mode's status. The new restriction prevents non-accessibility apps from accessing the accessibility services API, allowing only verified accessibility tools like screen readers and voice-based input tools. Non-accessibility apps, including antivirus software and password managers, will have their access revoked when AAPM is activated, and users cannot grant permissions to these apps unless AAPM is disabled. Additionally, Android 17 introduces a new contacts picker feature that allows developers to specify which fields to access from a user's contact list, providing more granular control over data access.

AppWizard

March 13, 2026

Google’s Android boss talks Android 17, sideloading drama, and why he hates phone cases

MWC (Mobile World Congress) in Barcelona is a significant event for the tech industry, where companies unveil new hardware and showcase emerging ideas. At MWC 2026, Sameer Samat, President of the Android Ecosystem, discussed the evolution of Android, particularly focusing on Android 17, which aims to transition from an operating system to an intelligent system. This version will integrate AI capabilities through Gemini, allowing for more intuitive task management. Android 17 will introduce early agentic capabilities, initially available in a beta feature for select devices, enabling users to automate multi-step tasks. Samat confirmed that Google has no plans to remove sideloading, despite concerns about app security. Upcoming changes to sideloading will focus on verifying app identities to protect users from malicious apps while still allowing power users to install unverified software. He emphasized the importance of balancing openness and safety in the Android platform. Samat expressed excitement about current Android phones, highlighting trends in foldable devices and praising models from brands like Motorola and Nothing for their appeal to younger consumers. He mentioned using a Galaxy Z Fold 7 for work and a Pixel 10 Pro for personal use, noting the beauty of the devices and his preference not to use cases.

AppWizard

February 19, 2026

PromptSpy Android Malware Abuses Google Gemini to Automate Recent-Apps Persistence

Cybersecurity researchers have identified a new Android malware named PromptSpy that utilizes Google's Gemini AI chatbot to enhance its capabilities and persistence on infected devices. PromptSpy can capture lockscreen data, obstruct uninstallation, gather device information, take screenshots, and record screen activity. It integrates Gemini to analyze the current screen and provide instructions to keep the malware active in the recent apps list. The malware uses a hard-coded AI model and communicates with a command-and-control server via the VNC protocol, allowing remote access to the victim's device. It is financially motivated, targeting users in Argentina, and was developed in a Chinese-speaking environment. PromptSpy is distributed through a dedicated website and is considered an advanced version of a previously unidentified malware called VNCSpy.