user trust Archives

Tech Optimizer

June 5, 2025

Fake DocuSign and Gitcode sites are tricking victims into downloading malware – here’s what you need to know

Researchers at DomainTools Investigations (DTI) have identified counterfeit websites mimicking platforms like DocuSign and Gitcode, designed to lure users into downloading malware, specifically a remote access trojan (RAT). These fraudulent sites use tactics such as fake CAPTCHA prompts to enhance credibility and prompt users to download malicious software disguised as necessary updates. The operation employs a multi-stage downloader PowerShell script, reminiscent of older scams that alarmed users with popups about virus infections. Users are advised to be cautious with unfamiliar websites and verify the authenticity of download prompts.

Tech Optimizer

June 5, 2025

UltraAV Delivers Continuous Innovation in Antivirus Protection

UltraAV, an antivirus solution from Point Wild, has introduced significant enhancements to improve threat protection and user experience. Key updates include: - Advanced AV Engine upgrades for faster scans and improved detection rates across versions 12.0, 12.3, 12.4, and 12.7.2. - The ability to scan external USB devices and schedule recurring scans, introduced in version 12.8. - Expanded privacy and identity protections for premium users, including identity theft monitoring and real-time fraud alerts. - Seamless integration with Total Cleaner for premium subscribers, enhancing app reliability (versions 12.7 and 12.7.1). - Self-protection features to safeguard UltraAV binaries from malware (version 12.8). - URL filtering to block harmful URLs for Chrome users (version 12.4). UltraAV is built on over 20 years of research and development, integrating real-time threat intelligence and AI-driven detection. Point Wild, the parent company, provides cybersecurity solutions to over 25 million users globally.

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

AppWizard

May 13, 2025

You can now verify Mullvad VPN’s credentials

Mullvad VPN has announced that its Android app builds are now reproducible starting with version 2025.2, allowing users to verify that the app is built from the open-source code published by Mullvad. Reproducible builds ensure that the published source code matches the distributed application and that no unintended modifications occurred during the build process. Mullvad encourages users to engage in the verification process, providing source codes and instructions on its GitHub page.

Winsage

May 9, 2025

Microsoft is giving Windows 11 users the option to install apps directly from the Start menu

Microsoft is integrating the Microsoft Store into the Start menu of Windows 11 through an upgrade to Windows Search. This change will allow users to discover and install applications directly from the Start menu or Taskbar, with a "Get" button for apps not currently installed. This feature aims to simplify app acquisition and enhance productivity. However, there are concerns about potential misinterpretations of search queries and the impact on user trust due to Microsoft's history of promoting its apps through the Start menu.

AppWizard

May 6, 2025

I’m the Private Messaging App Signal, and the Trump Administration Is Ruining My Brand

Signal, known for its commitment to privacy and end-to-end encryption, is facing controversy due to a breach involving an unofficial version used by Mike Waltz, a former National Security Adviser. This incident has raised questions about the app's reputation and its ability to maintain secure communications. The app's founder, Moxie Marlinspike, emphasizes privacy, but the association with political figures has complicated its image. Signal has recently released version 7.34.0, which improved compatibility with Arm64 processors, but the media focus has shifted to the political controversy. This breach raises concerns for potential users who value anonymity, and Signal's open-source design allows for public scrutiny, contrasting with competitors. The company faces challenges in restoring user trust while competing with alternatives that prioritize data monetization and advertising. Signal's commitment to privacy and technology remains, but it must work to distance itself from political narratives to recover its trusted status.

Winsage

May 4, 2025

Code Smell 298 – How to Fix Microsoft Windows Time Waste

Conditional logic in software development can obscure critical signals, leading to issues such as user delays, poor experiences, unpredictable timeouts, incomplete initialization, hidden dependencies, policy mismanagement, silent failures, and backward compatibility breaks. Solutions include validating all code paths, utilizing default reporting mechanisms, conducting rigorous edge case testing, refactoring policy checks early, implementing performance tests, and positioning reports outside of conditionals. A specific example is provided where Windows 7 had slower login times due to a failure to signal readiness when users selected a solid color background instead of a wallpaper image. This oversight resulted in a 30-second wait instead of a 5-second login process. Effective software design requires consideration of all potential code paths to avoid technical debt and performance issues. Static analysis tools can help identify critical reporting calls guarded by conditionals, and code reviews should ensure all initialization paths signal completion. The correspondence between real-world states and program states is crucial for maintaining user trust in the system. AI generators may inadvertently introduce issues by wrapping legacy code in conditionals without validating all paths.

Winsage

April 21, 2025

Intune flaw pushed Windows 11 upgrades on blocked devices

Microsoft identified a "code issue" within its Intune device management software as the reason for the unintended rollout of Windows 11 to devices not designated for the upgrade. The flaw triggered upgrades despite existing policies meant to prevent them. Microsoft is working on a fix and has advised organizations to pause Windows updates via Intune to avoid further issues. Devices that received the upgrade erroneously will need manual intervention to revert to their previous version. This incident follows a similar occurrence in November 2024, where customers experienced unexpected upgrades from Windows Server 2022 to Windows Server 2025. Microsoft attributed that incident to third-party products used for managing server updates. Additionally, a month prior, Microsoft retracted a preview update for Windows 11 due to severe issues causing crashes.

Winsage

April 13, 2025

Microsoft’s New Windows Update — 1 Billion Users Warned: Do Not Delete

Windows users are facing security challenges, including a zero-day vulnerability that threatens Windows passwords and hackers bypassing Windows Defender. Microsoft has discontinued VPN support for Windows Defender users and withdrawn security support for Windows 10. A new folder named "inetpub" was created following the April 8 Patch Tuesday updates as part of the fix for CVE-2025-21204, a vulnerability in the Windows Update Stack. This folder has raised concerns among users, prompting Microsoft to advise against deleting it. The creation of the inetpub folder is intended to enhance security, although its purpose remains unclear. Microsoft confirmed that the folder is created regardless of whether Internet Information Services (IIS) is installed on the user's device.

Winsage

April 12, 2025

Microsoft rolling Windows Recall back into Copilot+ PCs

Microsoft has reintroduced its Windows Recall feature, now integrated into the Windows 11 Release Preview channel for Copilot+ PCs, after addressing public concerns. Originally unveiled at the Build developer conference in May of last year, Windows Recall automatically captures screenshots of a user's desktop at regular intervals and stores them locally. The feature aims to help users revisit their activities and incorporate AI capabilities for searching through the captured data. Privacy concerns arose due to the logging of user actions, prompting Microsoft to pause the launch in June after significant backlash. In November, Microsoft began testing Recall again, with it disabled by default on specific Copilot+ PCs. The feature is included in Windows 11 Build 26100.3902 as an opt-in option, with plans for a broader rollout in early 2025 and a phased introduction in the European Economic Area later this year. Recall will support multiple languages and is compatible with major web browsers. Screenshots are stored locally and encrypted, requiring Windows Hello authentication for access. Microsoft asserts that data remains on local storage and is not shared with third parties, with users having control over snapshot permissions and deletion options.