usernames Archives

Winsage

November 17, 2025

Windows 11 users just got a more convenient way to store passkeys – here’s how it works

The technology behind passkeys involves cryptographic keys and standards like FIDO2 and WebAuthn, but users can enhance their security by creating passkeys whenever offered by websites or apps, using face recognition, fingerprints, or PINs. Users can accumulate multiple passkeys for easier sign-in across services. 1Password is set to integrate a new native passkeys plugin API with Windows 11, allowing users to manage passkeys through 1Password while using Windows Hello for authentication. This integration requires the latest version of Windows 11 and the MSIX version of the 1Password app. Users can enable the passkey feature in 1Password and designate it as the system authenticator in Windows settings. Other password managers may also adopt this integration, and Windows is introducing its own passkey sync mechanism through the Microsoft Password Manager in Edge. Passkeys do not replace existing credentials but serve as a secure alternative to usernames and passwords, with some services offering fully passwordless options.

AppWizard

November 9, 2025

SoftTalk Messenger introduces monetisation for African content creators

SoftTalk Messenger, a Nigerian-owned messaging app, has launched a monetisation programme for African content creators that rewards engagement and prioritises user privacy. The platform allows group administrators and digital community leaders to earn directly from audience interaction through its Creator Partner Program, which calculates earnings based on monthly engagement scores. Users can communicate without disclosing phone numbers, using usernames to enhance privacy. SoftTalk Messenger offers features including text, voice, and video calls, marketplace functionalities, and utility bill payments. Creators can retain 100% of their earnings without relying on foreign intermediaries. Registration does not require a phone number, and the Creator Partner Program requires a minimum of 100 group participants.

AppWizard

November 4, 2025

Dangerous new Android trojan is taking over phones and draining bank accounts — how to stay safe

A new banking Trojan is disguising itself as legitimate applications like digital ID tools and news readers, targeting Android users with banking and cryptocurrency apps. This malware steals login credentials and operates stealthily as an infostealer, evading detection while continuously collecting data. It can take over screens, interact with buttons, and use fake login screens for overlay attacks on real banking apps. Users are advised to regularly check accessibility services, download apps only from the Google Play Store or reputable sites, and scrutinize app permissions. Implementing layered security measures, such as using antivirus applications and keeping software updated, is essential to mitigate risks associated with this malware.

Tech Optimizer

November 1, 2025

maCERT Warns of Rapidly Spreading Spyware “Acreed”

maCERT, the Moroccan national cybersecurity agency, has issued an alert about a new spyware toolkit called Acreed, which emerged in February 2025. Acreed has become one of the most prevalent information stealers on the dark web, accounting for approximately 17% of underground cyber activity. Its primary function is to infiltrate computers and extract sensitive information, which is then sold or exploited by hackers. Acreed spreads through deceptive emails, infected advertisements, and pirated software downloads. It collects data such as usernames, passwords, browser information, cryptocurrency wallet details, and session tokens for cloud services. The data is transmitted to remote servers controlled by cybercriminals. The risks associated with Acreed affect both individuals and business networks. Recommendations to mitigate the threat include keeping antivirus software updated, monitoring for suspicious activity, avoiding unofficial software downloads, and being cautious with unsolicited emails. Users who suspect infection are encouraged to report it to maCERT for assistance.

AppWizard

October 30, 2025

Nigerian-owned message app, SoftTalk Messenger announces monetisation for content creators

SoftTalk Messenger, developed by Simple Azenabor, has launched a Creator Partner Program that allows African content creators to earn 100% of their revenue from audience interactions. The program enables group administrators and digital community leaders to monetize their engagement in group chats. SoftTalk Messenger prioritizes user privacy by using @usernames instead of phone numbers, enhancing protection against spam and identity breaches. The application includes various commerce tools tailored for African users and allows creators to earn directly without intermediaries. To qualify for the program, groups must have at least 100 participants, and users can track their monetization status within the app. SoftTalk Messenger is available on both Apple and Android platforms without requiring sensitive personal information.

AppWizard

October 29, 2025

SoftTalk Messenger introduces monetization for African content creators

SoftTalk Messenger is a Nigerian-owned messaging app developed by Simple Azenabor that focuses on empowering African content creators through a monetization program. This program rewards group administrators and digital community leaders based on audience engagement, allowing them to earn directly from their interactions. The app prioritizes user privacy by enabling communication through @usernames instead of phone numbers, reducing the risk of spam and identity theft. SoftTalk offers features such as text, voice, and video calls, a marketplace for products and services, utility bill payments, and monetization tools. Unlike many global platforms, creators on SoftTalk retain 100% of their earnings without intermediaries. The monetization program requires a minimum of 100 group participants and is available on both Apple and Android platforms, with no need for sensitive personal information to join.

AppWizard

October 24, 2025

New Python RAT Mimic as Legitimate Minecraft App Steals Sensitive Data from Users Computer

A Python-based remote access trojan (RAT) has emerged in the gaming community, disguised as a legitimate Minecraft client named “Nursultan Client.” It uses the Telegram Bot API for command and control, allowing attackers to exfiltrate sensitive data and interact with compromised machines. The malware is packaged with PyInstaller and has a large executable size of 68.5 MB to evade security tools. Upon execution, it hides its console window and presents a fake installation progress bar. Researchers identified the executable with the SHA256 hash 847ef096af4226f657cdd5c8b9c9e2c924d0dbab24bb9804d4b3afaf2ddf5a61. It attempts to create a registry key for persistence but has a flawed startup command. The malware includes a hardcoded Telegram Bot Token (8362039368:AAGj_jyw6oYftV2QQYiYoUslJOmXq6bsAYs) and a restricted list of user IDs (6804277757) for command authorization. It targets Discord authentication tokens and scans local storage and user data directories of major web browsers to extract tokens. Additionally, it features surveillance capabilities like screenshot capture and webcam photography, compiling detailed system profiles.

AppWizard

October 24, 2025

New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data

Threat researchers at Netskope have identified a new Remote Access Trojan (RAT) named “Nursultan Client,” disguised as a legitimate application for Minecraft enthusiasts. This malware, developed in Python, uses the Telegram Bot API for command-and-control operations, enabling data exfiltration and persistent access to compromised systems. It was first detected as a 68.5 MB executable compiled with PyInstaller, which is often used for legitimate software but can also bundle malicious scripts. Upon execution, the RAT misleads users with a fake installation progress bar. Its core functionalities operate across Windows, Linux, and macOS platforms, targeting the gaming community through social engineering tactics. The malware contains hardcoded Telegram credentials, allowing attackers to issue commands to infected machines while obscuring their communications. The RAT can execute various commands, including stealing Discord authentication tokens and conducting system reconnaissance. It also offers surveillance capabilities, such as capturing screenshots and webcam images, and has adware functionalities that can open URLs or display pop-up messages. The operation appears to be aimed at lower-tier threat actors, lacking advanced anti-analysis techniques and sophisticated tradecraft. Organizations are advised to monitor encrypted traffic and educate users on software authenticity to mitigate risks.

AppWizard

October 14, 2025

No fix yet for attack that lets hackers pluck 2FA codes from Android phones

A new attack method called Pixnapping has been developed, allowing malicious applications to capture sensitive information like two-factor authentication (2FA) codes and location data in under 30 seconds without requiring system permissions. This attack has been successfully demonstrated on devices such as the Google Pixel and Samsung Galaxy S25, and it can adapt to other models. Despite Google's release of mitigations, modified versions of the attack remain effective. The malicious app prompts targeted applications to display sensitive information, which it can then capture by mapping graphical operations to screen coordinates. Information not displayed on the screen, such as secret keys within an app, is secure from this attack. Pixnapping is similar to a previous attack called GPU.zip, which exploited vulnerabilities in graphics processing units (GPUs) to extract sensitive visual data, and the weaknesses exploited by GPU.zip have not been fixed.

AppWizard

October 9, 2025

WhatsApp may soon allow users to chat without sharing numbers, messaging app to bring username reservation option; here’s how it will work

WhatsApp has introduced several updates, including live and motion picture sharing, Meta AI chat themes, AI-powered video call backgrounds, and document scanning for Android users. A significant upcoming feature is the introduction of usernames, allowing users to connect without sharing their phone numbers, enhancing privacy and ease of discovery. This change aligns WhatsApp with other messaging apps like Telegram and Signal. Additionally, a username reservation system is being developed to allow users to reserve their preferred usernames before the official launch, preventing early adopters from monopolizing popular choices. This reservation feature will be found in the profile section of WhatsApp, just below the phone number.