User Credentials Archives

Winsage

January 1, 2026

WinBoat is an open source tool that lets you seamlessly run Windows applications on Linux.

WinBoat is an open-source tool that enables users to run Windows applications natively on Linux systems through virtualization technology. It can be tested on an Ubuntu 24.04 Linux PC using Docker and FreeRDP. Users can download WinBoat as an AppImage, grant execution permissions, and follow installation steps that include specifying installation location, Windows version, language, and system resource allocation. Key features include a refined interface, automatic installation, universal application support, file system integration, USB pass-through support, future GPU support plans, and compatibility with Podman. As of December 2025, WinBoat is in beta and may have bugs. User feedback has been mixed, with some comparing it to a Windows virtual machine and noting issues like browser freezing and the need for a Windows license.

AppWizard

December 18, 2025

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

A new Android malware campaign has been launched by the North Korean threat actor Kimsuky, introducing a variant called DocSwap. This malware is distributed via QR codes on phishing websites that impersonate CJ Logistics. Attackers use QR codes and notification pop-ups to lure victims into downloading the malware, which decrypts an embedded APK and activates Remote Access Trojan (RAT) capabilities. The malicious app is disguised as a legitimate application to bypass Android's security measures. Victims are tricked into installing the app through smishing texts or phishing emails that mimic delivery companies. The app downloads an APK named "SecDelivery.apk," which then loads the malware. It requests permissions to access various device functions and registers a service that simulates an OTP authentication screen. The app connects to an attacker-controlled server, allowing execution of commands such as logging keystrokes, capturing audio, and gathering sensitive information. Additionally, two other malicious samples have been identified, disguised as a P2B Airdrop app and a trojanized version of the BYCOM VPN app. The campaign also includes phishing sites mimicking popular South Korean platforms to capture user credentials.

AppWizard

December 17, 2025

Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) called Cellik has appeared on underground cybercrime forums, offering capabilities for a subscription fee of 0 per month or a one-time payment of ,000 for lifetime access. This malware can be embedded into any app on the Google Play Store, creating trojanized versions of popular applications while maintaining the original app's interface. Cellik includes features such as real-time screen capture, interception of app notifications, filesystem access, data wiping, and secure communication with a command-and-control server. It also has a hidden browser mode that allows attackers to use the victim's stored cookies and an app injection system for overlaying fake login screens. The malware can inject payloads into installed apps, complicating detection. Cellik is designed to bypass Google Play security features, raising concerns about the effectiveness of automated reviews and device-level scanners.

Tech Optimizer

December 3, 2025

Wacatac Trojan: What Is It And How To Remove It

The Wacatac Trojan is a type of malware first documented in January 2020, known for disguising itself as benign software to trick users into installation. It operates under various aliases, including Trojan:Script/Wacatac and Trojan:Win32/Wacatac, and can connect to Command-and-Control (C2) servers for remote manipulation. Its capabilities include stealing credentials, evading antivirus detection, creating or joining botnets, causing system damage, enabling spyware functions, acting as Remote Access Tools (RATs), and downloading additional malware. Symptoms of infection include sluggish performance, program failures, unexplained storage reductions, and unfamiliar processes. Wacatac spreads through unofficial software, malicious web pages, and phishing emails. Removal is best achieved using reputable antivirus software, while prevention involves avoiding questionable downloads, practicing good digital hygiene, keeping software updated, backing up data, and using quality antivirus solutions. False positives can occur, where legitimate programs are mistakenly flagged as Wacatac.

Tech Optimizer

November 16, 2025

TikTok malware scam tricks you with fake activation guides

Cybercriminals are exploiting TikTok to deceive users by presenting malicious downloads as free activation guides for popular software, including Windows and Microsoft 365. Security expert Xavier Mertens identified this campaign, which involves TikTok videos showcasing PowerShell commands that mislead users into executing them as administrators. These commands redirect users to a malicious website, downloading Aura Stealer malware that extracts saved passwords, cookies, and other sensitive information. This scam employs a ClickFix attack, making victims believe they are following legitimate instructions. The PowerShell command links to a remote domain, slmgr[.]win, which retrieves harmful executables hosted on Cloudflare, including updater.exe, a variant of Aura Stealer. Another file, source.exe, executes code in memory, complicating detection. To protect against these scams, users should avoid executing commands from TikTok, download software from trusted sources, keep security tools updated, use strong antivirus software, consider data removal services, reset credentials if compromised, use unique passwords, and enable multi-factor authentication.

Tech Optimizer

November 13, 2025

New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

Security researchers have identified a malware campaign using the ClickFix social engineering technique to spread information-stealing malware on Windows and macOS. The campaign targets users searching for cracked software, leading them to malicious Google-hosted landing pages. Victims encounter fake security warnings that prompt them to execute a malicious command, resulting in the installation of infostealer malware. Windows users receive the ACR stealer, while macOS users get the Odyssey stealer, both delivered in password-protected ZIP files. ACR also loads additional malware like SharkClipper, which hijacks cryptocurrency clipboard data. The campaign has seen a 700% increase in ACR logs in May 2025, with ClickFix becoming the most common initial access method, accounting for 47% of all initial access schemes. The malware collects various user data, including passwords and cryptocurrency wallets, and operates in a fileless manner to evade detection. Security experts advise against executing unverified commands and recommend enhancing endpoint detection capabilities to combat these threats.

AppWizard

October 25, 2025

OWASP Mobile Top 10 for Android – How AutoSecT Detects Each Risk?

Mobile applications account for 70% of global interactions, with over 6.8 billion smartphone users. In 2023, 40% of data breaches are linked to vulnerabilities in mobile applications. The OWASP Mobile Top 10 outlines critical security risks for mobile apps, including: 1. Improper Credential Usage: Mishandling of passwords and session tokens. 2. Inadequate Supply Chain Security: Risks from unverified third-party components. 3. Insecure Authentication/Authorization: Failures in verifying user identities. 4. Insufficient Input/Output Validation: Lack of checks on incoming and outgoing data. 5. Insecure Communication: Unprotected data during transmission. 6. Inadequate Privacy Controls: Poor safeguards for personal data. 7. Insufficient Binary Protections: Lack of defenses against reverse engineering. 8. Security Misconfiguration: Improperly secured application settings. 9. Insecure Data Storage: Weak protection of sensitive information on devices. 10. Insufficient Cryptography: Use of weak or improperly implemented encryption. AutoSecT, an AI-driven mobile app security testing platform, detects these risks through various methods, including static code analysis, software composition analysis, and dynamic testing. It helps developers identify and mitigate vulnerabilities effectively.

Tech Optimizer

October 20, 2025

TikTok Videos Spread ClickFix Malware, Stealing User Credentials

Cybercriminals are increasingly using TikTok to spread malware through seemingly harmless videos that promise free software activations for applications like Windows, Spotify, or Netflix. These videos employ a technique called ClickFix, which tricks users into executing harmful PowerShell commands that install infostealers, compromising sensitive information such as login credentials and financial data. The malware can self-compile on the victim's device, making it harder to detect. Reports indicate a shift in these tactics from platforms like YouTube and Meta to TikTok, with over 30,000 websites compromised in related DNS malware campaigns. Artificial intelligence is also being used to create deceptive videos that resemble legitimate content, complicating the identification of malicious material. Android users face similar threats from apps impersonating popular services, such as WhatsApp or TikTok. Experts recommend enabling two-factor authentication, using reputable antivirus software, avoiding unverified commands, and adjusting privacy settings on TikTok to mitigate these risks.

AppWizard

October 15, 2025

Android’s Strandhogg 2.0 Vulnerability Enables App Hijacking and Data Theft

A recently discovered vulnerability in Android devices, named Strandhogg 2.0, allows malicious applications to hijack legitimate ones and extract sensitive information without user awareness. This flaw affects nearly all devices running Android 9.0 or older, exploiting weaknesses in app permissions and task management. Attackers can overlay deceptive interfaces on trusted applications, capturing user credentials in real time. The vulnerability poses risks not only to individual users but also to enterprises relying on Android, as sensitive business data could be compromised. Google has acknowledged the issue and issued patches, but the slow rollout means many devices remain exposed. Users are advised to update their devices and scrutinize app permissions, while developers should implement stronger authentication mechanisms. The incident may lead to regulatory scrutiny for stricter security standards in the mobile sector.

AppWizard

September 24, 2025

Banking Trojans Targeting Android Users Disguise as Government and Trusted Payment Apps

Since August 2024, a financially motivated threat group has targeted Android users in Indonesia and Vietnam by deploying banking trojans disguised as legitimate government identity and payment applications. The campaign utilizes intricate download mechanisms, reuses existing infrastructure, and employs template-based spoofed sites to evade detection while stealing user credentials. Researchers identified the campaign through suspicious HTML elements on counterfeit Google Play Store pages, with notable domains like icrossingappxyz[.]com featuring deceptive download buttons. The download process involved a WebSocket connection that streamed the .apk file in chunks, effectively bypassing network security filters. The downloaded file, often named IdentitasKependudukanDigital.apk, contained a variant of the BankBot.Remo trojan. Additionally, simpler spoofed sites imitated popular regional applications, such as a clone of the M-Pajak tax-payment app hosted on twmlwcs[.]cc, which was also identified as a BankBot loader. Other variants were found on domains like dgpyynxzb[.]com and ykkadm[.]icu, masquerading as legitimate banking applications. Over the past year, researchers identified over 100 domains associated with this campaign, primarily utilizing Alibaba ISP and registered through Gname.com Pte. Ltd. The operational patterns revealed a focus on Indonesian and Vietnamese victims, with domain registration and DNS queries peaking during Eastern Asia daytime hours. The campaign combines advanced obfuscation techniques with mass-template spoofing to circumvent security controls, highlighting the need for user vigilance and monitoring of unusual WebSocket traffic.