victim Archives

AppWizard

May 18, 2026

The problem with bodycam shooters

Better Than Dead is a bodycam first-person shooter that recently launched in early access on Steam, allowing players to assume the role of a victim of a human trafficking ring in Hong Kong. Players are equipped with a pistol and a bodycam, embarking on a journey of revenge. The game emphasizes realism in gunfights, contributing to a trend of bodycam shooters influenced by the game Unrecord. It presents chaotic and unpredictable armed conflict, challenging players' perceptions of violence and its portrayal in media. The game's unsettling realism raises moral questions about gun control and the glorification of violence, leading to discomfort for some players who struggle with the boundaries between fantasy and reality.

AppWizard

May 12, 2026

TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps

TrickMo, an Android banking malware, has re-emerged with enhanced stealth and operational capabilities, targeting banking, fintech, wallet, and authenticator apps. It retains its core device takeover abilities while improving stealth, persistence, and flexibility. The malware persuades users to grant accessibility permissions, allowing full remote control, including real-time screen viewing. A significant advancement is its shift to The Open Network (TON) for command-and-control communication, complicating takedown efforts. TrickMo has been actively deployed in France, Italy, and Austria since early 2026, using fake login overlays to capture credentials while recording user activity. It communicates through .adnl endpoints within the TON network and employs DNS-over-HTTPS for encrypted DNS queries. The malware's modular design includes a primary application as a loader and a dynamically loaded APK module called “dex.module” for malicious capabilities. It features network reconnaissance and tunneling capabilities, allowing commands like HTTP probing and establishing SSH tunnels, which can bypass fraud detection systems. Dormant features suggest potential for future capabilities without altering the core application. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo's various components.

AppWizard

May 11, 2026

Google warns 7 million Android users to delete these 28 fake apps

28 Android applications were removed from the Google Play Store after being identified as scams by security researchers at ESET. These apps, part of a campaign called “CallPhantom,” falsely claimed to provide access to private call logs, SMS records, and WhatsApp activity. They attracted millions of downloads despite lacking legitimacy, offering fabricated data such as fake phone numbers and bogus call durations. Some apps charged users for “detailed reports” that either never arrived or contained nonsensical information. The apps did not steal phone data or install malware but instead promised illicit access and generated fictitious data. The primary targets of this scam were users in India and the Asia-Pacific region.

AppWizard

May 11, 2026

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

Modern Android banking malware is evolving with architectural enhancements for increased stealth, resilience, and operational flexibility. In early 2026, a new variant of the TrickMo Android banking trojan was identified, actively targeting banking and wallet users in France, Italy, and Austria. This variant has replaced its predecessor in ongoing campaigns and has transitioned its command-and-control traffic to The Open Network (TON). Key features of the new TrickMo variant include: - The primary command-and-control channel now operates over TON, utilizing .adnl endpoints through an embedded local TON proxy. - It employs a runtime-loaded APK (dex.module) with enhanced functionalities, including reconnaissance, SSH tunneling, and SOCKS5 proxying, allowing infected devices to act as network pivots. - TrickMo is classified as Device Take Over (DTO) malware, targeting banking, fintech, wallet, and authenticator applications on Android devices. - Operators gain control over infected devices through accessibility-service permissions, enabling capabilities such as credential phishing, keylogging, screen recording, remote control, and SMS interception. The new variant features a modular architecture with a host APK functioning as a launcher and persistence layer, while offensive capabilities are delivered through the dynamically loaded dex.module. Significant enhancements include network reconnaissance commands (curl, dnslookup, ping, telnet, traceroute) and socket-level tunneling via an embedded SSH client. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo dropper applications and host applications. The malware retains unused permissions for NFC capabilities, suggesting a strategic approach to device filtering.

AppWizard

May 11, 2026

Jewish teen subjected to antisemitic slurs on Minecraft, inquiry told

A Perth teenager shared his experience of online bullying during a Royal Commission on Antisemitism and Social Cohesion hearing, detailing how classmates hurled antisemitic slurs at him while playing Minecraft. He felt isolated and distressed, confiding in his parents, who reported the bullying to the school. The school addressed the situation, leading to apologies from the students involved. The boy's mother expressed concerns about rising antisemitism, drawing parallels to her past experiences in the former Yugoslavia. Rabbi Menachem Dadon honored his friend Rabbi Eli Schlanger, who was killed in a shooting attack. Julie Nathan from the Executive Council of Australian Jewry reported a 316 percent increase in antisemitic incidents from 2023 to 2024, with over 1,600 incidents recorded in the past year. Musician Joshua Moshe faced online abuse after discussing Jewish history in a WhatsApp group, leading to threats and vandalism. Musician Deborah Conway experienced backlash and harassment after comments about military actions in Gaza, resulting in canceled gigs and protests. The Royal Commission continues to investigate antisemitism, having received over 9,600 submissions, primarily from Jewish individuals.

Winsage

May 10, 2026

Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

Between May 6 and May 7, 2026, the official JDownloader website was compromised in a supply chain attack, leading to the distribution of malicious installers for Windows and Linux users. Attackers altered download links, redirecting users to harmful files, specifically targeting the Windows “Alternative Installer” and the Linux shell installer. A Reddit user reported the issue after Microsoft Defender flagged the installers as malicious, noting unusual developer names instead of the expected publisher, AppWork GmbH. JDownloader developers confirmed the breach and temporarily took down the website for investigation, revealing that an unpatched vulnerability in the content management system allowed the attackers to modify download pages. The genuine installer packages were not altered, and the malicious links were removed. The website was restored on May 8–9, 2026, with verified clean installer links. Indicators of compromise included specific hashes and compromised URLs related to the attack.

Tech Optimizer

May 9, 2026

Avast Free Antivirus: The Go-To Software for Millions of Users

Avast’s free antivirus software is popular among Windows users, known for its user familiarity, robust features, and solid reputation. Key features include real-time malware detection, Smart Scan for multiple checks, a web shield for online safety, behavior-based detection for suspicious activity, and a Wi-Fi Inspector for network vulnerabilities. The software offers reliable malware detection, a user-friendly interface, and advanced tools like ransomware protection and network scanning, but it has downsides such as frequent prompts for premium upgrades and potential performance dips during scans. Avast employs a dual protection approach with signature-based detection and behavioral analysis, checking files immediately upon access and quarantining suspicious ones. It includes web protection to block malicious domains and an Email Shield for harmful attachments. The software receives frequent updates to maintain effectiveness against new threats, leveraging a vast threat intelligence network for rapid response to emerging malware. The free version is suitable for basic tasks like browsing and email management, but users needing advanced features may consider upgrading. Installation should be done from the official website to avoid unwanted software, and an initial scan is conducted post-installation. Avast's longevity is attributed to user habit and trust, consistently performing well in independent tests. When compared to other free antivirus programs, Avast offers a more extensive range of features than some competitors, though it may be more complex. Users can optimize settings for better protection by enabling core shields, adjusting scan strategies, and managing privacy settings. Regular updates are crucial for maintaining effective protection.

AppWizard

May 9, 2026

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Cybersecurity researchers from ESET have discovered 28 fraudulent applications on the Google Play Store that falsely claimed to provide access to call histories for any phone number. These apps have been downloaded over 7.3 million times, with one app alone accounting for over 3 million downloads. The operation, named CallPhantom, primarily targeted Android users in India and the Asia-Pacific region. Users were lured into subscription services, paying for access to fictitious data, including call histories and SMS records, but received only randomly generated information. Some apps were published under the developer name "Indian gov.in" to create a false sense of trust. Payments were processed through the Google Play Store or third-party applications like Google Pay and Paytm. Users who subscribed via Google Play may be eligible for refunds, while those who used third-party payment methods may not be able to recover their funds. The fraudulent activity may have been ongoing since at least November 2025.

AppWizard

May 8, 2026

Android alert: 7 million users downloaded ‘stalking’ apps that were actually scams

Security researchers at ESET uncovered a scam involving 28 applications named "CallPhantom," which collectively amassed over 7.3 million downloads on the Google Play Store. These apps promised access to call histories, SMS records, and WhatsApp call logs for any phone number, raising privacy concerns. They requested intrusive permissions from users' devices, leading to potential privacy violations. Payment structures varied, with some using Google Play's billing system and others circumventing it through third-party methods. ESET reported the apps to Google in December 2025, resulting in their removal from the Play Store. A recent search confirmed that these apps are no longer available.

AppWizard

May 8, 2026

Scam Android apps on Google Play got millions of downloads from a creepy pitch

Researchers uncovered a scam involving 28 fraudulent applications on the Google Play Store, collectively called "CallPhantom," which garnered over 7.3 million downloads. These apps promised access to call logs, SMS records, and WhatsApp history for any phone number, but users received fabricated data after paying a fee. The apps varied in appearance but shared a common strategy of generating random phone numbers and pairing them with pre-existing names and call details. Some requested email addresses to send the 'retrieved' history, but none had the necessary permissions to access the claimed data. Payment methods included Google Play’s official billing system and third-party platforms, with some apps misleading users into staying on subscription screens. ESET reported these apps to Google on December 16, leading to their removal from the Play Store.