variants

Tech Optimizer
August 27, 2025
Ransomware is being enhanced by artificial intelligence, with cybercriminals using generative AI tools to create sophisticated malware. A notable example is PromptLock, identified as the first fully AI-driven ransomware, discovered on August 27, 2025. It utilizes OpenAI’s gpt-oss-20b model to dynamically generate malicious code, complicating detection efforts. ESET's analysis indicates that PromptLock processes operations locally on the victim's device, minimizing external communications and reducing its digital footprint. The first half of 2025 saw a 70% increase in ransomware victims, largely due to AI-enhanced phishing campaigns. Akamai Technologies reported a 37% increase in ransomware incidents in 2024, fueled by generative AI. Governments are beginning to respond with regulations for quicker breach disclosures, and cybersecurity experts emphasize the need for continuous monitoring and adaptive defenses.
Tech Optimizer
August 25, 2025
Doctor Web’s antivirus laboratory has identified a sophisticated Android backdoor malware named Android.Backdoor.916.origin, which has been evolving since January 2025. This spyware primarily targets Russian businesses through focused attacks, disseminated via private messages as a fake antivirus application called “GuardCB.” The app's icon resembles the Central Bank of the Russian Federation's emblem, and the app is presented in Russian. Variants of the malware include names like “SECURITY_FSB” and “FSB,” falsely claiming to be security tools linked to Russian law enforcement. Upon execution, the malware simulates an antivirus scan, requesting extensive system permissions for surveillance and data exfiltration, including access to geolocation, audio recording, SMS, contacts, call logs, media files, and camera functions. It establishes connections to command-and-control servers, allowing attackers to send and receive sensitive data, initiate audio and video feeds, and execute commands. The malware employs keylogger functionality to intercept keystrokes and monitor specific applications for content theft. Doctor Web has notified domain registrars to disrupt the malware's infrastructure and confirms that all known variants are detected and neutralized by their antivirus solutions. Organizations are advised to enforce strict APK sideloading policies and verify app authenticity to counter such threats.
AppWizard
August 25, 2025
Security experts at Doctor Web have identified a sophisticated Android spyware campaign targeting Russian business leaders, utilizing malware named Android.Backdoor.916. First detected in January 2025, this malware is distributed through APK files disguised as security applications, particularly under the name GuardCB, which mimics the emblem of the Central Bank of the Russian Federation. Other variants include “SECURITY_FSB” and “FSB,” and the app interface is exclusively in Russian. The malware is disseminated via private messages on popular messaging platforms, avoiding official app stores. Upon installation, it simulates device scans and generates fictitious threat reports while activating extensive spyware modules that request permissions for geolocation, camera and microphone usage, SMS and contact access, call logs, and background operation. It can transmit SMS messages, upload contact lists, forward call history and location data, and exfiltrate media. It also enables real-time audio streaming, video capture, and screen activity monitoring, using Accessibility Service to maintain a keylogger for intercepting sensitive content from various applications. Control over the malware is maintained through a modular system that reconnects to the command server every minute, with fallback connectivity options to multiple hosting providers. The malware is designed for targeted cyber-espionage rather than mass infections, focusing on corporate executives and business figures. Doctor Web's antivirus solutions for Android can detect and eliminate known variants of this backdoor, highlighting the vulnerability of high-value individuals to mobile spyware disguised as legitimate applications. Experts recommend enhancing mobile security policies and educating high-risk employees about social engineering tactics.
AppWizard
August 21, 2025
Minecraft snapshot 25w34b introduces a new code of conduct feature that allows server administrators to create customized guidelines for players to accept before joining. Key changes include a new main menu background, longer sound delay for end light flashes, rebranding of the "Hide Lightning Flashes" setting to "Hide Sky Flash," and adjustments to the copper golem's hitbox and visibility. Players can hear copper golems and copper chests from 12 blocks away, and the sound associated with copper sorting has been softened. Bug fixes in this snapshot address various issues, including:
- Resolved overflow of world names, versions, and timestamps in the world selection screen.
- Fixed item frames and glow item frames not adjusting their hitbox when containing a map.
- Addressed water and lava dripping from barriers.
- Corrected glitches in the fletching table and issues with command execution across dimensions.
- Ensured proper functionality of the statistics screen and command block interface.
- Fixed various sound and visual issues related to copper golems and other entities.
- Resolved problems with player spawn locations and ownership of arrows in multiplayer.
- Corrected ambient sound issues and improved the drop rate of sweet berries.
AppWizard
August 20, 2025
Envar Games has announced its new project, Witchspire, a survival crafting adventure game set to launch in Early Access for PC on Steam in 2026. The game allows players to take on the roles of novice witches and wizards in a magical realm threatened by an ancient darkness. Key features include magical survival mechanics, the ability to befriend and nurture diverse familiars, and creative home construction using astral projection. Players can engage in customization, leveling, and crafting while facing various threats in the game world.
AppWizard
August 20, 2025
This week, a new main menu panorama has been introduced, along with a comprehensive Code of Conduct for servers and ongoing enhancements with Copper Golems. Snapshot 25w34b has been released, addressing connectivity errors with Realms. New features include an in-game Code of Conduct that players must accept to access a server, with an option to opt out of future displays unless updated. A new boolean field, enable-code-of-conduct, has been added to server.properties to manage this feature. The main menu has been updated to feature Copper Golems. The sound effect for the End Light Flashes has an increased delay, and the accessibility setting "Hide Lightning Flashes" has been renamed to "Hide Sky Flashes." Copper Golems will now have invisible eyes when splashed with a Potion of Invisibility, and their hitbox has been adjusted to allow navigation through open doors. Sounds associated with Copper Golems and Copper Chests can now be heard from up to 12 blocks away, with modifications to the volume of copper sorting sounds. The Data Pack version has been updated to 84.0, introducing a new fetchprofile command for downloading player profiles. The align_items_to_bottom block state property has been removed from the Shelf block. Fixed bugs in 25w34b include issues with glowing items, world selection screen overflow, and various interactions with Copper Golems and other entities. Snapshots are available for Minecraft: Java Edition, and players are advised to back up their worlds before installation.
Winsage
August 19, 2025
Microsoft is testing the integration of Copilot-related advertisements in the 'Recommended' section of the Start menu in Windows 11. These ads are intended to promote user engagement with the Copilot app and may direct users to either the consumer-oriented Copilot app or Microsoft 365 Copilot. The ads include messages like “Write a first draft with Copilot” and “Ask Copilot,” as well as prompts for productivity assistance. Users without a Microsoft 365 subscription may be encouraged to consider a paid plan when redirected to Microsoft 365 Copilot. Microsoft frames these prompts as “tips” or “suggestions” rather than traditional ads. Users can disable these ads by turning off a specific toggle in the Start settings. The rollout of these ads is still pending as testing continues.
AppWizard
August 18, 2025
The latest patch for Monster Hunter Wilds introduces an additional difficulty tier, a new endgame grind with randomized talismans, and weapon balance adjustments. The game has sold 10 million copies within a month of its release. The update has sparked discussions among players, reflecting a divided community regarding the game's difficulty and gameplay style. Capcom has expedited the rollout of features initially planned for future patches, responding to calls for a more challenging experience. The introduction of 9-star Tempered monsters has raised questions about the game's threat hierarchy, while the reintroduction of random talismans has increased the power of mixed armor sets, necessitating tougher monsters. Players have expressed concerns about performance issues, particularly on PC, and the balance between hardcore and casual players remains a challenge for the developer. The patch has prompted a second hotfix due to an unintended nerf.