User ID Archives

AppWizard

October 24, 2025

New Python RAT Mimic as Legitimate Minecraft App Steals Sensitive Data from Users Computer

A Python-based remote access trojan (RAT) has emerged in the gaming community, disguised as a legitimate Minecraft client named “Nursultan Client.” It uses the Telegram Bot API for command and control, allowing attackers to exfiltrate sensitive data and interact with compromised machines. The malware is packaged with PyInstaller and has a large executable size of 68.5 MB to evade security tools. Upon execution, it hides its console window and presents a fake installation progress bar. Researchers identified the executable with the SHA256 hash 847ef096af4226f657cdd5c8b9c9e2c924d0dbab24bb9804d4b3afaf2ddf5a61. It attempts to create a registry key for persistence but has a flawed startup command. The malware includes a hardcoded Telegram Bot Token (8362039368:AAGj_jyw6oYftV2QQYiYoUslJOmXq6bsAYs) and a restricted list of user IDs (6804277757) for command authorization. It targets Discord authentication tokens and scans local storage and user data directories of major web browsers to extract tokens. Additionally, it features surveillance capabilities like screenshot capture and webcam photography, compiling detailed system profiles.

Tech Optimizer

October 24, 2025

OAuth 2.0 authorization in PostgreSQL using Keycloak as an example

The Tantor Postgres 17.5.0 DBMS introduces OAuth 2.0 Device Authorization Flow for secure access to PostgreSQL via external identification providers like Keycloak. This feature will also be available in PostgreSQL 18. The setup involves configuring Keycloak, preparing PostgreSQL, writing an OAuth token validator, and verifying authorization through psql. Keycloak is an open-source access control system that simplifies user management and provides a single sign-on experience. To launch Keycloak, a Docker image is used, and an admin user is created with the username and password set to "admin." The process includes creating a realm named "postgres-realm," adding users (e.g., a user named "alice"), establishing client scopes, and creating a client named "postgres-client" with OAuth 2.0 Device Authorization Grant enabled. PostgreSQL requires specific configurations for OAuth operations, including creating a user, adjusting parameters in the postgresql.conf file, and setting up user mapping in pg_ident.conf and pg_hba.conf files. A role named "alice" is created with login rights. The postgresql.conf file specifies the OAuth validator library, and user mapping can be done via pg_ident.conf or a custom validator. The pg_hba.conf file is configured to allow client login to the database using OAuth, specifying the issuer parameter pointing to the Keycloak discovery service URL. A custom validator is implemented to handle token validation, ensuring that the required scopes are present in the received token. The validator includes functions for startup, shutdown, and token validation, which processes the token content and checks permissions against the HBA configuration.

AppWizard

October 24, 2025

New Python Remote-Access Trojan Disguised as Minecraft App Steals Files

A new Python-based remote-access trojan (RAT) has been discovered, targeting gamers by impersonating the legitimate “Nursultan Client” application used by Eastern European Minecraft players. It utilizes the Telegram Bot API for command-and-control operations, allowing attackers to exfiltrate sensitive data and control systems on Windows, Linux, and macOS. The malware employs deceptive installation screens and manipulates the Windows registry to appear as legitimate software, but its persistence mechanism is flawed, failing to survive system reboots. It contains hardcoded credentials, enabling specific attacker control, and can perform functions like system reconnaissance, data theft, and remote surveillance, particularly targeting Discord authentication tokens. The RAT can capture screenshots and activate webcams, sending this information through the Telegram API, which complicates detection. It also has adware-like features that display URLs and images on victims' systems. Researchers believe this malware is part of a Malware-as-a-Service ecosystem, and its signature is identified as QD:Trojan.GenericKDQ.F8A018F2A0 by Netskope’s Advanced Threat Protection.

AppWizard

October 20, 2025

Duet Night Abyss codes October 2025

Duet Night Abyss is a 3D action gacha game that does not feature character gacha mechanics, instead offering gems for skins, outfits, and customization. The game is set to launch on October 28, 2024, following a redesign based on player feedback, eliminating traditional gacha and stamina systems. Currently, there are no active codes, but players can expect pre-release codes during a livestream on October 25. The code redemption process will be clarified at launch, likely involving navigation to the settings page or in-game store. Players can anticipate additional codes during future livestreams and social media announcements.

AppWizard

July 29, 2025

ANDROID MALWARE POSING AS INDIAN BANK APPS

The report discusses a sophisticated Android malware targeting users in India, which disguises itself as legitimate banking applications to steal credentials and conduct unauthorized financial activities. The malware employs advanced techniques such as silent installation, exploitation of Android permissions, and remote command execution to avoid detection. It utilizes Firebase for command-and-control operations and phishing pages that mimic real banking interfaces. The malware consists of a modular architecture with a dropper and a main payload. The dropper requests several Android permissions, including ACCESSNETWORKSTATE, REQUESTINSTALLPACKAGES, and QUERYALLPACKAGES, which facilitate reconnaissance and persistence. The dropper uses a silent installation mechanism to load additional payloads without user awareness. The main payload requests permissions that enable data theft and stealthy operation, such as READSMS, SENDSMS, and RECEIVEBOOTCOMPLETED. It hides itself from the user's app list and employs separate classes for specific malicious tasks, including harvesting user credentials and collecting debit card information. The phishing page mimics a legitimate banking app to capture user data effectively. The malware also monitors incoming SMS messages, extracts critical metadata, and can silently forward calls to an attacker-controlled number. A specific APK sample impersonating an Indian banking application was observed on April 3, 2025, highlighting ongoing trends in mobile-based credential theft and financial fraud. Recommendations include enforcing stricter mobile application security standards, launching public awareness campaigns, implementing threat intelligence-driven filtering, and deploying mobile endpoint detection solutions.

Winsage

February 5, 2025

Microsoft veteran sees DeepSeek as natural evolution in AI landscape

Many subscribers prefer the convenience of saving their log-in credentials for easier access to online platforms. Users can activate this feature by checking the 'Save my User ID and Password' box during log-in, which securely stores the password on their device. However, if users log out, their saved information will be erased, requiring them to re-enter their log-in details on their next visit. Users should consider the balance between convenience and security when deciding on their log-in preferences.

Tech Optimizer

November 22, 2024

Visualizing PostgreSQL Data With Angular To Analyze What Passengers Find Rude to Do During a Flight

The Angular framework has recently been updated, prompting the author to refresh their skills by developing a data visualization dashboard. The project utilized a dataset from the article "41 Percent of Fliers Say It’s Rude To Recline Your Airplane Seat." The development stack included Angular for the front-end framework, PostgreSQL for database management, and Flexmonster for data visualization. The project setup involved creating an Angular application using Angular CLI, establishing a PostgreSQL database on ElephantSQL, and integrating Flexmonster's API for visualizations. The PostgreSQL database was populated with data from a CSV file, and DBeaver was used for database management. Flexmonster was installed and configured in the Angular project, and a connection was established between Flexmonster and the PostgreSQL database using the Flexmonster Data Server. The project was launched using npm start, resulting in a functional pivot table for data analysis. The completed project is available on GitHub.

Tech Optimizer

November 18, 2024

PostgreSQL Security Update, Patch For Multiple Vulnerabilities

The PostgreSQL Global Development Group has released a critical security update for all supported versions of PostgreSQL, including 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21. The update addresses four security vulnerabilities: 1. CVE-2024-10976: A row security vulnerability with a CVSS v3.1 Base Score of 4.2, affecting versions 12 through 17. 2. CVE-2024-10977: An issue related to libpq error message retention, with a CVSS v3.1 Base Score of 3.1, affecting versions 12 to 17. 3. CVE-2024-10978: A user ID reset issue with a CVSS v3.1 Base Score of 4.2, impacting versions 12 to 17. 4. CVE-2024-10979: A critical vulnerability allowing unprivileged users to alter sensitive process environment variables, with a CVSS v3.1 Base Score of 8.8, affecting versions 12 to 17. This release marks the final update for PostgreSQL 12. The update includes over 35 bug fixes and updates time zone data files to tzdata release 2024b. Users must shut down PostgreSQL and update its binaries to apply the update, with additional steps required for certain scenarios. It is recommended for users running PostgreSQL 12 in production to upgrade to a newer version for continued security and bug fixes.

AppWizard

October 1, 2024

Android smartphone SoC suppliers gearing up for AI application boom

Users can save their User ID and Password on their device by selecting the 'Save my User ID and Password' checkbox in the log-in section. Once enabled, credentials are securely stored, but if the user logs out, the saved information will be erased, requiring re-entry of the User ID and Password upon the next visit.