User Credentials Archives

Tech Optimizer

March 19, 2026

ClickFix Lures Power LeakNet’s Growing Ransomware Attack Chain

The ransomware group LeakNet has evolved its tactics, increasing its average targets from three per month and shifting from purchasing stolen network access to launching its own campaigns. They now use deceptive error screens and a new tool that executes malicious code in a computer's memory. Their strategy includes ClickFix lures, which compromise legitimate websites to display fake security checks, tricking users into executing malicious commands. This method broadens their victim reach and reduces costs. The Deno loader, part of this strategy, collects machine information and retrieves additional malicious code without leaving standard files, making detection difficult. After infiltrating a network, LeakNet checks for active user credentials and uses PsExec for lateral movement, employing Amazon S3 buckets for payload staging and data exfiltration. Defenders are advised to monitor for suspicious behavior rather than just known malicious files, focusing on unusual web commands and unexpected cloud storage connections.

AppWizard

March 19, 2026

New Android malware hiding in streaming apps to spy on users’ personal notes

Researchers have discovered a sophisticated malware called Perseus that targets Android users by disguising itself within television streaming applications to steal sensitive information, including passwords and banking details. This malware, reported by ThreatFabric, primarily affects users in Turkey and Italy and is based on the leaked code of previous Android banking trojans, particularly Cerberus. Perseus masquerades as IPTV service apps, often downloaded from unofficial sources, and employs overlay attacks and keylogging techniques to capture user credentials. It specifically targets personal note-taking applications like Google Keep, Evernote, and Simple Notes to extract sensitive information stored within them. The malware landscape is evolving, with new threats like the banking trojan Herodotus and the Crocodilus variant, which can manipulate contact lists. Users are advised to be cautious when downloading applications from unofficial sources.

Tech Optimizer

February 12, 2026

Build a custom solution to migrate SQL Server HierarchyID to PostgreSQL LTREE with AWS DMS

Data migration from SQL Server to Amazon RDS for PostgreSQL or Amazon Aurora PostgreSQL-Compatible Edition often requires adjustments to the database schema or SQL commands. AWS provides DMS Schema Conversion to aid in converting existing database schemas and AWS Database Migration Service (AWS DMS) to assist in data migration, featuring enhanced security and minimized downtime. SQL Server uses the HierarchyID data type for managing hierarchical data, while PostgreSQL employs the LTREE extension for similar purposes. The migration process involves preparing both the source SQL Server and target PostgreSQL environments, creating tables, installing the LTREE extension, and converting schemas using AWS DMS Schema Conversion. The migration steps include creating sample tables in SQL Server with HierarchyID columns, enabling change data capture (CDC), creating the LTREE extension in PostgreSQL, and preparing the target table structure. AWS DMS endpoints are created for both source and target databases, followed by the creation and execution of an AWS DMS migration task. Post-migration, the original HierarchyID column is replaced with the LTREE column, and the IDENTITY column behavior is reverted to its original state. The migration process is verified by inserting rows in PostgreSQL and ensuring they are in the correct LTREE format. Common functions from SQL Server's HierarchyID are mapped to their PostgreSQL LTREE equivalents, facilitating the transition between the two systems.

Winsage

January 1, 2026

WinBoat is an open source tool that lets you seamlessly run Windows applications on Linux.

WinBoat is an open-source tool that enables users to run Windows applications natively on Linux systems through virtualization technology. It can be tested on an Ubuntu 24.04 Linux PC using Docker and FreeRDP. Users can download WinBoat as an AppImage, grant execution permissions, and follow installation steps that include specifying installation location, Windows version, language, and system resource allocation. Key features include a refined interface, automatic installation, universal application support, file system integration, USB pass-through support, future GPU support plans, and compatibility with Podman. As of December 2025, WinBoat is in beta and may have bugs. User feedback has been mixed, with some comparing it to a Windows virtual machine and noting issues like browser freezing and the need for a Windows license.

AppWizard

December 18, 2025

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

A new Android malware campaign has been launched by the North Korean threat actor Kimsuky, introducing a variant called DocSwap. This malware is distributed via QR codes on phishing websites that impersonate CJ Logistics. Attackers use QR codes and notification pop-ups to lure victims into downloading the malware, which decrypts an embedded APK and activates Remote Access Trojan (RAT) capabilities. The malicious app is disguised as a legitimate application to bypass Android's security measures. Victims are tricked into installing the app through smishing texts or phishing emails that mimic delivery companies. The app downloads an APK named "SecDelivery.apk," which then loads the malware. It requests permissions to access various device functions and registers a service that simulates an OTP authentication screen. The app connects to an attacker-controlled server, allowing execution of commands such as logging keystrokes, capturing audio, and gathering sensitive information. Additionally, two other malicious samples have been identified, disguised as a P2B Airdrop app and a trojanized version of the BYCOM VPN app. The campaign also includes phishing sites mimicking popular South Korean platforms to capture user credentials.

AppWizard

December 17, 2025

Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) called Cellik has appeared on underground cybercrime forums, offering capabilities for a subscription fee of 0 per month or a one-time payment of ,000 for lifetime access. This malware can be embedded into any app on the Google Play Store, creating trojanized versions of popular applications while maintaining the original app's interface. Cellik includes features such as real-time screen capture, interception of app notifications, filesystem access, data wiping, and secure communication with a command-and-control server. It also has a hidden browser mode that allows attackers to use the victim's stored cookies and an app injection system for overlaying fake login screens. The malware can inject payloads into installed apps, complicating detection. Cellik is designed to bypass Google Play security features, raising concerns about the effectiveness of automated reviews and device-level scanners.

Tech Optimizer

December 3, 2025

Wacatac Trojan: What Is It And How To Remove It

The Wacatac Trojan is a type of malware first documented in January 2020, known for disguising itself as benign software to trick users into installation. It operates under various aliases, including Trojan:Script/Wacatac and Trojan:Win32/Wacatac, and can connect to Command-and-Control (C2) servers for remote manipulation. Its capabilities include stealing credentials, evading antivirus detection, creating or joining botnets, causing system damage, enabling spyware functions, acting as Remote Access Tools (RATs), and downloading additional malware. Symptoms of infection include sluggish performance, program failures, unexplained storage reductions, and unfamiliar processes. Wacatac spreads through unofficial software, malicious web pages, and phishing emails. Removal is best achieved using reputable antivirus software, while prevention involves avoiding questionable downloads, practicing good digital hygiene, keeping software updated, backing up data, and using quality antivirus solutions. False positives can occur, where legitimate programs are mistakenly flagged as Wacatac.

Tech Optimizer

November 16, 2025

TikTok malware scam tricks you with fake activation guides

Cybercriminals are exploiting TikTok to deceive users by presenting malicious downloads as free activation guides for popular software, including Windows and Microsoft 365. Security expert Xavier Mertens identified this campaign, which involves TikTok videos showcasing PowerShell commands that mislead users into executing them as administrators. These commands redirect users to a malicious website, downloading Aura Stealer malware that extracts saved passwords, cookies, and other sensitive information. This scam employs a ClickFix attack, making victims believe they are following legitimate instructions. The PowerShell command links to a remote domain, slmgr[.]win, which retrieves harmful executables hosted on Cloudflare, including updater.exe, a variant of Aura Stealer. Another file, source.exe, executes code in memory, complicating detection. To protect against these scams, users should avoid executing commands from TikTok, download software from trusted sources, keep security tools updated, use strong antivirus software, consider data removal services, reset credentials if compromised, use unique passwords, and enable multi-factor authentication.

Tech Optimizer

November 13, 2025

New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

Security researchers have identified a malware campaign using the ClickFix social engineering technique to spread information-stealing malware on Windows and macOS. The campaign targets users searching for cracked software, leading them to malicious Google-hosted landing pages. Victims encounter fake security warnings that prompt them to execute a malicious command, resulting in the installation of infostealer malware. Windows users receive the ACR stealer, while macOS users get the Odyssey stealer, both delivered in password-protected ZIP files. ACR also loads additional malware like SharkClipper, which hijacks cryptocurrency clipboard data. The campaign has seen a 700% increase in ACR logs in May 2025, with ClickFix becoming the most common initial access method, accounting for 47% of all initial access schemes. The malware collects various user data, including passwords and cryptocurrency wallets, and operates in a fileless manner to evade detection. Security experts advise against executing unverified commands and recommend enhancing endpoint detection capabilities to combat these threats.

AppWizard

October 25, 2025

OWASP Mobile Top 10 for Android – How AutoSecT Detects Each Risk?

Mobile applications account for 70% of global interactions, with over 6.8 billion smartphone users. In 2023, 40% of data breaches are linked to vulnerabilities in mobile applications. The OWASP Mobile Top 10 outlines critical security risks for mobile apps, including: 1. Improper Credential Usage: Mishandling of passwords and session tokens. 2. Inadequate Supply Chain Security: Risks from unverified third-party components. 3. Insecure Authentication/Authorization: Failures in verifying user identities. 4. Insufficient Input/Output Validation: Lack of checks on incoming and outgoing data. 5. Insecure Communication: Unprotected data during transmission. 6. Inadequate Privacy Controls: Poor safeguards for personal data. 7. Insufficient Binary Protections: Lack of defenses against reverse engineering. 8. Security Misconfiguration: Improperly secured application settings. 9. Insecure Data Storage: Weak protection of sensitive information on devices. 10. Insufficient Cryptography: Use of weak or improperly implemented encryption. AutoSecT, an AI-driven mobile app security testing platform, detects these risks through various methods, including static code analysis, software composition analysis, and dynamic testing. It helps developers identify and mitigate vulnerabilities effectively.