VBScript

Tech Optimizer
April 13, 2026
Claude, an AI tool developed by Anthropic, receives nearly 290 million web visits monthly and has become a target for cybercriminals. A fake website has been found that impersonates Claude, distributing a trojanized installer named Claude-Pro-windows-x64.zip. This installer, while appearing legitimate, deploys PlugX malware, granting attackers remote access to users' systems. The fraudulent site mimics the official download page, and its passive DNS records are linked to commercial bulk-email platforms, indicating active maintenance by the operators. The ZIP file contains an MSI installer that misspells "Claude" as "Cluade" and creates a desktop shortcut that launches a VBScript dropper. This script runs the legitimate claude.exe while executing malicious activities in the background, including copying files to the Windows Startup folder to ensure persistence after reboot. The attack utilizes a DLL sideloading technique recognized by MITRE as T1574.002, where a legitimate G DATA antivirus updater is exploited with a malicious DLL. Within 22 seconds of execution, the malware establishes a connection to an IP address associated with Alibaba Cloud, indicating control over the compromised system. The dropper script also employs anti-forensic measures to delete itself and the VBScript after deployment. Indicators of compromise include the filenames Claude-Pro-windows-x64.zip, NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat, along with the network indicator 8.217.190.58:443 (TCP) as the command and control destination. Users are advised to download Claude only from the official site and to remain vigilant against potential compromises.
Winsage
April 5, 2026
Wine version 11.6 introduces DLL load-order heuristics to enhance the modding experience for gamers on Linux, allowing third-party mod DLLs to load automatically and prioritizing them over default Microsoft versions. The update also revives the Android driver, suggesting potential future support for running Android applications and games on Linux. Additionally, it includes various bug fixes and enhancements to VBScript compatibility, improving the functionality of Windows-based applications on Linux devices.
BetaBeacon
April 5, 2026
Wine 11.6 has been released with a focus on reviving its Android driver, updating the build system for Android, and enhancing the DLL loader order heuristics to better support game mods.
Winsage
April 4, 2026
Wine version 11.6 enhances the experience of running Windows games on Linux through Proton, focusing on game modding capabilities. Key features include the revival of the Android driver, implementation of DLL load order heuristics for better mod support, improved compatibility with VBScript, and 28 bug fixes for application and game performance. The update allows Wine to prioritize DLLs provided with mods over its own versions, facilitating the use of a wider array of mods without additional tweaks. These changes are expected to be integrated into Proton for Steam users.
BetaBeacon
April 3, 2026
The Wine Project has released version 11.6, which includes improvements and bug fixes to enhance user experience. The update focuses on reviving the Android driver and improving VBScript compatibility. Gaming compatibility has been addressed, fixing issues in popular games like Minecraft Windows 10 Edition and Mount & Blade: Warband. For Linux gamers, the update resolves problems in Diablo IV and Cyberpunk 2077. Additionally, enhancements have been made for DLL handling in Gecko-based browsers and modded game setups. Compatibility fixes have also been provided for various applications like StarOffice 5.1 and PDF-XChange Editor. The source code for Wine 11.6 is available for download on GitLab, with binary packages for different distributions expected to be available soon.
Winsage
February 24, 2026
The software department in Redmond is preparing for a significant update named 27H2, set for 2027, aimed at addressing legacy issues from older Windows versions. The Windows Insider Program is currently testing the 28000 series, with a notable shift to the 29500 build series indicating a "platform lift" that includes enhancements to the kernel and hardware abstraction layer (HAL). Microsoft plans to phase out VBScript and WordPad, eliminate support for outdated printer driver architectures and certain legacy file systems, and adopt a "core OS" approach to optimize performance for AI technologies. This update is seen as a strategic retreat from the idea of "Windows 12," focusing on stability and a comprehensive overhaul of the underlying architecture while avoiding market fragmentation. However, there are concerns that substantial changes could render older hardware or specialized software obsolete.
Tech Optimizer
December 3, 2025
Fileless malware operates within a computer's active memory, avoiding detection by traditional antivirus solutions that rely on file scanning. It uses legitimate tools like PowerShell to execute harmful commands without creating files, making it difficult to identify. Cybercriminals can use fileless malware for various malicious activities, including data theft and cryptocurrency mining. Malwarebytes combats fileless attacks through two defense layers: Script Monitoring, which intercepts potentially dangerous scripts at execution, and Command-Line Protection, which scrutinizes command-line tools for suspicious activities. Examples of fileless attacks include malicious email attachments activating PowerShell to download ransomware, hidden JavaScript on websites mining cryptocurrency, and attackers using Windows Management Instrumentation (WMI) to create backdoors. Malwarebytes' Fileless Protection operates automatically in the background, ensuring legitimate applications function normally while monitoring for threats. It is part of a comprehensive security framework that includes machine-learning detection and web protection, designed to stop attacks that do not write files. This protection is included with Malwarebytes Premium, aimed at safeguarding personal and small business systems.
Winsage
November 25, 2025
Recent observations have identified ClickFix attack variants where cybercriminals use deceptive Windows Update animations on full-screen browser pages to hide malicious code within images. Victims are misled into executing harmful commands through specific key sequences that copy and execute commands via JavaScript. Security researchers have documented these attacks since October, noting the use of LummaC2 and Rhadamanthys information stealers. Attackers utilize steganography to embed malware payloads within PNG images, reconstructing and decrypting them in memory using PowerShell and a .NET assembly called the Stego Loader. A dynamic evasion tactic known as ctrampoline complicates detection by initiating calls to numerous empty functions. The shellcode extracted from the encrypted image can execute various file types directly in memory. Following a law enforcement operation on November 13, the Rhadamanthys variant's payload delivery through fake Windows Update domains ceased, although the domains remain active. Researchers recommend disabling the Windows Run box and monitoring suspicious process chains to mitigate risks.
Winsage
September 13, 2025
Microsoft is phasing out VBScript from Windows, a decision announced in May 2024, affecting developers using Visual Basic for Applications (VBA). The deprecation will occur in three phases: the first phase, ongoing until at least 2026, classifies VBScript as a "Feature on Demand" (FOD), allowing existing VBA projects to function without disruption. In the second phase, starting around 2027, the VBScript FOD will no longer be enabled by default, leading to potential failures in applications that have not been updated. The final phase will involve the complete removal of VBScript from future Windows releases. This change will impact VBA projects that rely on VBScript for executing external scripts and using the VBScript type library for regular expressions. To address these issues, Microsoft has integrated RegExp classes into the VBA runtime library starting with Microsoft 365 Version 2508, allowing developers to use regular expressions natively without relying on vbscript.dll. Developers are encouraged to upgrade to the latest Office build and test their projects for dependencies on VBScript.