User Credentials Archives

Tech Optimizer

December 3, 2025

Wacatac Trojan: What Is It And How To Remove It

The Wacatac Trojan is a type of malware first documented in January 2020, known for disguising itself as benign software to trick users into installation. It operates under various aliases, including Trojan:Script/Wacatac and Trojan:Win32/Wacatac, and can connect to Command-and-Control (C2) servers for remote manipulation. Its capabilities include stealing credentials, evading antivirus detection, creating or joining botnets, causing system damage, enabling spyware functions, acting as Remote Access Tools (RATs), and downloading additional malware. Symptoms of infection include sluggish performance, program failures, unexplained storage reductions, and unfamiliar processes. Wacatac spreads through unofficial software, malicious web pages, and phishing emails. Removal is best achieved using reputable antivirus software, while prevention involves avoiding questionable downloads, practicing good digital hygiene, keeping software updated, backing up data, and using quality antivirus solutions. False positives can occur, where legitimate programs are mistakenly flagged as Wacatac.

Tech Optimizer

November 16, 2025

TikTok malware scam tricks you with fake activation guides

Cybercriminals are exploiting TikTok to deceive users by presenting malicious downloads as free activation guides for popular software, including Windows and Microsoft 365. Security expert Xavier Mertens identified this campaign, which involves TikTok videos showcasing PowerShell commands that mislead users into executing them as administrators. These commands redirect users to a malicious website, downloading Aura Stealer malware that extracts saved passwords, cookies, and other sensitive information. This scam employs a ClickFix attack, making victims believe they are following legitimate instructions. The PowerShell command links to a remote domain, slmgr[.]win, which retrieves harmful executables hosted on Cloudflare, including updater.exe, a variant of Aura Stealer. Another file, source.exe, executes code in memory, complicating detection. To protect against these scams, users should avoid executing commands from TikTok, download software from trusted sources, keep security tools updated, use strong antivirus software, consider data removal services, reset credentials if compromised, use unique passwords, and enable multi-factor authentication.

Tech Optimizer

November 13, 2025

New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

Security researchers have identified a malware campaign using the ClickFix social engineering technique to spread information-stealing malware on Windows and macOS. The campaign targets users searching for cracked software, leading them to malicious Google-hosted landing pages. Victims encounter fake security warnings that prompt them to execute a malicious command, resulting in the installation of infostealer malware. Windows users receive the ACR stealer, while macOS users get the Odyssey stealer, both delivered in password-protected ZIP files. ACR also loads additional malware like SharkClipper, which hijacks cryptocurrency clipboard data. The campaign has seen a 700% increase in ACR logs in May 2025, with ClickFix becoming the most common initial access method, accounting for 47% of all initial access schemes. The malware collects various user data, including passwords and cryptocurrency wallets, and operates in a fileless manner to evade detection. Security experts advise against executing unverified commands and recommend enhancing endpoint detection capabilities to combat these threats.

AppWizard

October 25, 2025

OWASP Mobile Top 10 for Android – How AutoSecT Detects Each Risk?

Mobile applications account for 70% of global interactions, with over 6.8 billion smartphone users. In 2023, 40% of data breaches are linked to vulnerabilities in mobile applications. The OWASP Mobile Top 10 outlines critical security risks for mobile apps, including: 1. Improper Credential Usage: Mishandling of passwords and session tokens. 2. Inadequate Supply Chain Security: Risks from unverified third-party components. 3. Insecure Authentication/Authorization: Failures in verifying user identities. 4. Insufficient Input/Output Validation: Lack of checks on incoming and outgoing data. 5. Insecure Communication: Unprotected data during transmission. 6. Inadequate Privacy Controls: Poor safeguards for personal data. 7. Insufficient Binary Protections: Lack of defenses against reverse engineering. 8. Security Misconfiguration: Improperly secured application settings. 9. Insecure Data Storage: Weak protection of sensitive information on devices. 10. Insufficient Cryptography: Use of weak or improperly implemented encryption. AutoSecT, an AI-driven mobile app security testing platform, detects these risks through various methods, including static code analysis, software composition analysis, and dynamic testing. It helps developers identify and mitigate vulnerabilities effectively.

Tech Optimizer

October 20, 2025

TikTok Videos Spread ClickFix Malware, Stealing User Credentials

Cybercriminals are increasingly using TikTok to spread malware through seemingly harmless videos that promise free software activations for applications like Windows, Spotify, or Netflix. These videos employ a technique called ClickFix, which tricks users into executing harmful PowerShell commands that install infostealers, compromising sensitive information such as login credentials and financial data. The malware can self-compile on the victim's device, making it harder to detect. Reports indicate a shift in these tactics from platforms like YouTube and Meta to TikTok, with over 30,000 websites compromised in related DNS malware campaigns. Artificial intelligence is also being used to create deceptive videos that resemble legitimate content, complicating the identification of malicious material. Android users face similar threats from apps impersonating popular services, such as WhatsApp or TikTok. Experts recommend enabling two-factor authentication, using reputable antivirus software, avoiding unverified commands, and adjusting privacy settings on TikTok to mitigate these risks.

AppWizard

October 15, 2025

Android’s Strandhogg 2.0 Vulnerability Enables App Hijacking and Data Theft

A recently discovered vulnerability in Android devices, named Strandhogg 2.0, allows malicious applications to hijack legitimate ones and extract sensitive information without user awareness. This flaw affects nearly all devices running Android 9.0 or older, exploiting weaknesses in app permissions and task management. Attackers can overlay deceptive interfaces on trusted applications, capturing user credentials in real time. The vulnerability poses risks not only to individual users but also to enterprises relying on Android, as sensitive business data could be compromised. Google has acknowledged the issue and issued patches, but the slow rollout means many devices remain exposed. Users are advised to update their devices and scrutinize app permissions, while developers should implement stronger authentication mechanisms. The incident may lead to regulatory scrutiny for stricter security standards in the mobile sector.

AppWizard

September 24, 2025

Banking Trojans Targeting Android Users Disguise as Government and Trusted Payment Apps

Since August 2024, a financially motivated threat group has targeted Android users in Indonesia and Vietnam by deploying banking trojans disguised as legitimate government identity and payment applications. The campaign utilizes intricate download mechanisms, reuses existing infrastructure, and employs template-based spoofed sites to evade detection while stealing user credentials. Researchers identified the campaign through suspicious HTML elements on counterfeit Google Play Store pages, with notable domains like icrossingappxyz[.]com featuring deceptive download buttons. The download process involved a WebSocket connection that streamed the .apk file in chunks, effectively bypassing network security filters. The downloaded file, often named IdentitasKependudukanDigital.apk, contained a variant of the BankBot.Remo trojan. Additionally, simpler spoofed sites imitated popular regional applications, such as a clone of the M-Pajak tax-payment app hosted on twmlwcs[.]cc, which was also identified as a BankBot loader. Other variants were found on domains like dgpyynxzb[.]com and ykkadm[.]icu, masquerading as legitimate banking applications. Over the past year, researchers identified over 100 domains associated with this campaign, primarily utilizing Alibaba ISP and registered through Gname.com Pte. Ltd. The operational patterns revealed a focus on Indonesian and Vietnamese victims, with domain registration and DNS queries peaking during Eastern Asia daytime hours. The campaign combines advanced obfuscation techniques with mass-template spoofing to circumvent security controls, highlighting the need for user vigilance and monitoring of unusual WebSocket traffic.

Winsage

September 11, 2025

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft addressed 80 vulnerabilities in its software, with eight classified as Critical and 72 as Important. None of these vulnerabilities have been exploited as zero-day threats. The vulnerabilities include 38 related to privilege escalation, 22 concerning remote code execution, 14 linked to information disclosure, and three associated with denial-of-service attacks. Notable vulnerabilities include CVE-2025-55234 (CVSS score: 8.8), which involves privilege escalation in Windows SMB, and CVE-2025-54914 (CVSS score: 10.0), a critical flaw affecting Azure Networking. Other significant vulnerabilities include CVE-2025-55232 (CVSS score: 9.8) in Microsoft HPC Pack and CVE-2025-54918 (CVSS score: 8.8) affecting Windows NTLM. Two additional privilege escalation vulnerabilities in Windows BitLocker were also identified. Microsoft recommends enabling TPM+PIN for BitLocker security and implementing the REVISE mitigation to prevent downgrade attacks. Other vendors, including Adobe, Cisco, and IBM, have also released security patches recently.

AppWizard

September 9, 2025

New RatOn Android Malware Targets Banking Apps and Crypto Wallets via NFC Attacks

A new strain of Android malware called RatOn was identified on July 5, 2025, targeting banking applications and cryptocurrency wallets, particularly in the Czech Republic. It integrates near-field communication (NFC) relay attacks with automated transfer system (ATS) capabilities, allowing attackers to hijack devices and execute unauthorized transactions. RatOn builds on tactics from previous malware like PhantomCard and employs overlay attacks to capture user credentials. It gains root-level access through vulnerabilities such as KernelSU, enabling call hijacking to bypass two-factor authentication. RatOn specifically targets local banking applications and cryptocurrency wallets, scanning for wallet apps and extracting private keys. Defending against RatOn involves enabling app sideloading restrictions, using reputable antivirus software, and monitoring NFC settings, while banks are enhancing anomaly detection systems. The emergence of RatOn raises concerns about mobile security globally, with calls for stricter app store vetting and improved NFC protocols. Experts predict that future malware will increasingly use AI-driven adaptations, complicating detection efforts.

AppWizard

August 29, 2025

Threat Actors Weaponizing Facebook Ads with Free TradingView Premium App Lures That Delivers Android Malware

Cybersecurity researchers have identified a sophisticated malvertising campaign targeting Android users on Meta’s Facebook platform, promoting a fake TradingView Premium application through deceptive ads. Clicking these ads leads users to download a malicious APK that installs a crypto-stealing trojan, which exploits accessibility features to harvest user credentials and bypass two-factor authentication. The campaign, discovered on July 22, 2025, has spread across Europe, utilizing cloned webpages and localized messages in multiple languages to enhance credibility. The malware employs a multi-stage infection process, dynamically loading its payload to evade detection and maintaining persistence by re-enabling accessibility services and hiding its icon. By August 22, at least 75 unique ads had been identified, reaching tens of thousands of users in the EU.