wallet Archives

AppWizard

March 12, 2026

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Cybersecurity researchers have identified six new families of Android malware designed to extract sensitive data and facilitate financial fraud. Notable threats include: - PixRevolution: Targets Brazil's Pix payment platform, activates during Pix transfers, and uses real-time monitoring to intervene in transactions. Victims are tricked into installing malicious apps from counterfeit Google Play Store listings, which enable accessibility services for the malware to capture screens and overlay fake interfaces to reroute funds. - BeatBanker: Spreads through phishing attacks disguised as legitimate Google Play Store pages. It uses an inaudible audio loop for persistence, functions as a banking trojan, and includes a cryptocurrency miner. It creates deceptive overlays for platforms like Binance and Trust Wallet to divert funds and can monitor web browsers and execute remote commands. - TaxiSpy RAT: Exploits accessibility services to gather sensitive information such as SMS messages and call logs, targeting banking and cryptocurrency applications with overlays for credential theft. It employs advanced evasion techniques like native library encryption and real-time remote control. - Mirax: A private malware-as-a-service (MaaS) offering with a subscription model that provides tools for banking overlays and information gathering, including keystrokes and SMS. - Oblivion: Another Android RAT available at a competitive price, featuring capabilities to bypass security measures on various devices. - SURXRAT: Distributed through a Telegram-based MaaS ecosystem, it uses accessibility permissions for persistent control and communicates with a Firebase-based command-and-control infrastructure. Some samples incorporate a large language model component, indicating experimentation with AI by threat actors.

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

AppWizard

February 28, 2026

PC Gamers Save $20 In Double Free Game Giveaway, Yours to Keep

PC gamers can claim two free games, Boxes: Lost Fragments and My Night Job, from the Epic Games Store. Players need to download the Epic Games Store launcher to access these titles at no cost. Boxes: Lost Fragments is a puzzle game set to release on February 1, 2024, while My Night Job is an action-packed beat 'em up game that debuted in April 2016. Both games have received a “Very Positive” rating on Steam. The free offer is available until March 5, 2026.

AppWizard

February 26, 2026

How Your Android Apps Keep Talking — Even When You’re Not Using Them

When connecting to public Wi-Fi, using a VPN is essential as it encrypts traffic and creates a secure tunnel between the device and a remote server, keeping activities concealed from the local network. Android devices continuously communicate in the background, performing tasks such as updating emails and syncing notes, which increases data visibility on public networks. Public Wi-Fi has become common due to remote work and shared spaces, leading to increased privacy risks as smartphones now store sensitive information like banking apps and personal photos. Users are encouraged to adopt simple security habits, including using a VPN when connecting to public networks. Android devices are always connected, making network-level protection important to safeguard background communications.

AppWizard

February 25, 2026

Numo Launches Bitcoin Tap-to-Pay App For Merchants

Numo has introduced a tap-to-pay point-of-sale app that allows merchants to accept Bitcoin payments without additional hardware, utilizing the Cashu open-source ecash protocol. The app is available for free as an open-source Android download, with plans for a Google Play Store release. It uses NFC technology for quick transactions, enabling customers to pay via a Cashu wallet interacting with an NFC tag on the merchant's device. Payments are settled in Cashu ecash, which can be automatically transferred to a merchant's Lightning address once a specified balance is reached. Numo also supports Lightning invoices and offers features like inventory management, payment history tracking, offline payment support, and tipping options. The app has no platform fees and is developed under the MIT license, aiming to simplify Bitcoin payments for merchants. Cashu employs blind signatures for privacy-preserving custodial payments and connects independent mints over the Lightning Network.

Winsage

February 20, 2026

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are using social media advertising, specifically paid Facebook ads, to promote a malware campaign disguised as legitimate Microsoft promotions. They create near-exact replicas of the official Windows 11 download page to lure users into downloading malicious software. The deceptive domains used include ms-25h2-download[.]pro and ms-25h2-update[.]pro. The malware campaign employs geofencing to selectively target victims, redirecting security researchers to benign sites while delivering malware to unsuspecting users. The malicious file, named ms-update32.exe, is hosted on GitHub and mimics the size of a legitimate Windows installer. Once executed, it checks for monitoring tools and, if none are detected, installs an application named "Lunar" that collects sensitive data, including cryptocurrency wallet information. The malware maintains persistence by writing data to the Windows registry and employs various obfuscation techniques to evade detection. The attackers run parallel ad campaigns with different Facebook Pixel IDs to ensure continued operation even if one is suspended. Indicators of compromise include specific file hashes, domains, file system artifacts, and registry keys associated with the malware.

Tech Optimizer

February 19, 2026

We all need digital protection and the ESET Home Security Plan is the bees knees

ESET's HOME Security Ultimate is available for .99, down from its original price of .99, offering a 50% discount. The package includes features such as unlimited VPN, dark web scanning for identity protection, credit report monitoring, identity threat alerts, Social Security Number tracking, lost wallet assistance, and million insurance coverage. It provides real-time protection against malware, advanced AI-powered threat detection, a robust firewall, and network shield. The plan emphasizes proactive identity protection and secure online activities, including safe banking and browsing modes.

AppWizard

February 19, 2026

Massiv: When your IPTV app terminates your savings

Massiv is an Android banking Trojan that disguises itself as legitimate applications, primarily targeting users in southern Europe. It is distributed through side-loading and is capable of remote control over infected devices, enabling Device Takeover attacks that can lead to unauthorized banking transactions. Massiv often masquerades as IPTV applications to attract users seeking online television services. The malware employs overlay functionality to create deceptive screens, keylogging to capture sensitive information, and SMS/Push message interception. It can monitor applications on infected devices and present fake overlays to prompt users for sensitive data. Notably, it has targeted the Portuguese government application gov.pt and connects with Chave Móvel Digital, a digital authentication system, to access victims' banking accounts. Once it captures sensitive data, Massiv allows operators remote access to the device using Android’s AccessibilityService, facilitating real-time observation and manipulation of the user interface. It communicates over a WebSocket channel and supports screen streaming and UI-tree modes for enhanced control. Massiv's distribution includes malware droppers that initially do not contain malicious code but open a WebView to an IPTV website while the actual malware operates in the background. This tactic has increased in recent months, particularly in Spain, Portugal, France, and Turkey. Indicators of compromise include specific SHA-256 hashes and package names associated with the malware. The bot commands allow operators to perform various actions on the infected device, such as clicking coordinates, installing APKs, and showing overlays.

Winsage

February 18, 2026

Attackers steal Windows users’ data using fake CAPTCHA checks

Fraudsters are using counterfeit CAPTCHA confirmation pages to deploy StealC, an information-stealing malware targeting Windows systems. Users are tricked into visiting compromised websites where a fake CAPTCHA prompts them to execute a sequence of keystrokes that runs a malicious PowerShell command. This command connects to a remote server, downloads shellcode, and injects the StealC payload into svchost.exe. Once installed, StealC collects sensitive information such as browser credentials, email data, and cryptocurrency wallet details, facilitating fraud and account hijacking. The malware operates primarily in the system's RAM, making detection difficult.

AppWizard

February 17, 2026

This new Android feature is amazing, but I’m scared for its future

Android 16 introduced Live Updates, a feature that prioritizes important notifications like transit directions and Uber progress, making them easily accessible without needing to open the app. Live Updates display information in a bubble or chip in the status bar, allowing users to glance at their screens for essential updates. This feature is particularly useful for public transport users and drivers, as it integrates seamlessly into the Android interface, appearing in the notification drop-down, on the lock screen, and on the always-on display. However, the adoption of Live Updates among developers has been low, with only a few apps like Uber, byAir, and Flud utilizing it effectively. Many Google applications, such as the Clock app and the Google app, have not integrated Live Updates, raising concerns about the feature's future viability.