web browsers

Winsage
April 8, 2025
Cybercriminals have released a new malware strain called Neptune RAT, which targets Windows PCs and is capable of stealing cryptocurrencies and passwords, as well as holding data for ransom. It features a crypto clipper that can alter cryptocurrency wallet addresses, a password-stealing function affecting over 270 applications, and ransomware capabilities that lock files until a ransom is paid. The malware can disable antivirus software, monitor victims' screens in real-time, and has the ability to wipe a PC. It is distributed through platforms like GitHub, Telegram, and YouTube, making it difficult for cybersecurity researchers to analyze. Users are advised to be cautious with downloads, consider identity theft protection services, and practice safe browsing habits to mitigate risks.
Winsage
April 4, 2025
Microsoft's Windows 365 Link is a compact device priced at £349, designed to connect users to a Windows 365 Cloud PC hosted in the Azure cloud. It measures 120 mm x 120 mm x 30 mm and weighs 418 grams. The device features an HDMI port, a USB-C port, three USB-A ports, an Ethernet socket, Bluetooth, and Wi-Fi support, but lacks local storage. It is aimed at organizational use for employees utilizing Windows 365 with Microsoft Intune and Microsoft Entra ID, supporting Windows 365 Enterprise, Frontline, and Business editions, while excluding Windows 365 Government. The device is marketed towards desk-based or frontline workers in shared workspaces and is available through select resellers like Ricoh UK and Insight Enterprises in the US.
Winsage
April 3, 2025
Bill Gates and Paul Allen founded Microsoft fifty years ago to sell a version of the Basic computer language for the Altair. Microsoft has evolved from its initial focus on PC software to commanding a vast network of global data centers and recently investing in generative AI. The company faced challenges from the rise of the internet and smartphones, which shifted focus away from PCs, leading to stagnation in its stock price. Satya Nadella became CEO in 2014 and shifted Microsoft towards a cloud-first strategy, embracing open-source software and partnering with OpenAI for exclusive access to AI models. Under his leadership, Microsoft has adapted to changes in the tech landscape, although the impact of generative AI remains uncertain. Since Nadella's appointment, Microsoft's stock price has increased tenfold, raising its market value to nearly .8 trillion.
Winsage
April 1, 2025
PowerToys is a suite of productivity tools for Windows 11, featuring over two dozen modules. PowerToys Run is a launcher and search bar that simplifies launching applications and finding files. It can be enhanced with plug-ins, including:
- Window Walker: Allows users to search for running applications for quick window switching.
- OneNote: Enables quick access to notebooks and pages after activation.
- WinGet/Scoop: Streamlines app installation and uninstallation from a trusted repository.
- BrowserSearch: Facilitates quick searches of browser history across different web browsers.
- FastWeb: Allows users to create shortcuts for websites accessible via text commands.
- Everything: Provides a fast search engine for files, improving upon the basic file search capabilities.
- Clipboard Manager: Makes clipboard history searchable for easier reuse of text clips.
Tech Optimizer
March 31, 2025
A new malware strain called CoffeeLoader has been identified, posing a significant risk to gamers by masquerading as a legitimate ASUS utility, specifically the Armoury Crate software. Once it infiltrates a system, it deploys the Rhadamanthys infostealer, which can extract sensitive information such as credentials from web browsers, email clients, cryptocurrency wallets, and password managers. CoffeeLoader evades detection by most security tools by operating on the GPU instead of the CPU and using advanced techniques like call stack spoofing, sleep obfuscation, and exploiting Windows fibers. To protect against CoffeeLoader, users should exercise caution when downloading software, navigate directly to official websites, avoid suspicious links, and adhere to basic cybersecurity practices. If infection is suspected, users should disconnect from the internet, reboot in safe mode, delete temporary files, and check Task Manager for unusual activity. Employing a reliable malware scanner can help identify and eliminate infections.
Winsage
March 21, 2025
Arch Linux operates on a rolling release model, providing continuous updates without major version changes. It is lightweight, enhancing performance for applications like gaming, and features an easy installation process. KDE Plasma is recommended as a desktop environment, offering a familiar interface and extensive customization options. Essential applications for productivity include Obsidian, GIMP, LibreOffice, Krita, and Kdenlive, along with popular web browsers and communication tools. Installing Steam on Arch Linux allows access to a wide range of games, with Proton enabling many Windows games to run smoothly. Transitioning from Windows to Arch Linux is facilitated by a modern user interface, though it may require some command-line interaction.
Tech Optimizer
March 20, 2025
Microsoft Incident Response has identified a new remote access trojan (RAT) called StilachiRAT, which extracts sensitive information from infected computers, including passwords, cryptocurrency wallet details, operating system specifications, and device identifiers. StilachiRAT has a self-reinstatement mechanism that allows it to reinstall itself if removed. It targets digital wallets from platforms like Coinbase Wallet, Phantom, Trust Wallet, Metamask, OKX Wallet, and Bitget Wallet. The malware can harvest credentials from web browsers, monitor clipboard data, gather system information, detect camera presence, and track active Remote Desktop Protocol (RDP) sessions. It can extract credentials from Google Chrome, monitor clipboard activity, and maintain its presence using the Windows service control manager. StilachiRAT can impersonate users to monitor RDP sessions and employs anti-forensics mechanisms to evade detection. Discovered in November of the previous year, it has not yet achieved widespread distribution. Microsoft advises users to download software from official websites, use robust security software, install reputable antivirus, be vigilant against phishing attacks, avoid clicking on unexpected links, and consider using a VPN and password manager for enhanced security.
Winsage
March 19, 2025
- Windows 11 users can enhance their experience and security by mastering essential skills such as managing updates, securing online presence, and utilizing system settings.
- To protect accounts and sensitive information online, users should consider using a password manager, passkeys, and enabling two-factor authentication (2FA) on accounts.
- A VPN with end-to-end encryption can enhance online security, and users should familiarize themselves with their web browser's security settings.
- Windows 11 updates are released on the first Tuesday of each month, with a major feature update annually; users can prevent auto-restarts and pause updates for up to five weeks.
- The Settings app in Windows 11 has replaced much of the Control Panel for managing system settings, and users should explore it thoroughly.
- OneDrive is integrated into Windows 11 for backing up, restoring, and sharing files, and users can create encrypted folders and use Files-on-Demand.
- Regularly reviewing and uninstalling unnecessary applications can help maintain PC performance, and users can manage default applications and disable startup apps via Task Manager.
- Accessing the BIOS/UEFI allows for updates, security adjustments, and hardware configuration changes, typically done by pressing keys like Esc, F2, or F8 during boot.
Winsage
March 18, 2025
Microsoft's Windows Defender Application Control (WDAC) has become a target for cybersecurity researchers, with bug bounty payouts for successful bypasses. IBM's X-Force team reported various outcomes from WDAC bypass submissions, including successful bypasses that lead to potential bounties, those added to the WDAC recommended block list, and submissions without recognition. Notable contributors like Jimmy Bayne and Casey Smith have made significant discoveries, while the LOLBAS Project has documented additional bypasses, including the Microsoft Teams application. The X-Force team successfully bypassed WDAC during Red Team Operations using techniques such as utilizing known LOLBINs, DLL side-loading, exploiting custom exclusion rules, and identifying new execution chains in trusted applications. Electron applications, which can execute JavaScript and interact with the operating system, present unique vulnerabilities, as demonstrated by a supply-chain attack on the MiMi chat application. In preparation for a Red Team operation, Bobby Cooke's team explored the legacy Microsoft Teams application, discovering vulnerabilities in signed Node modules that allowed them to execute shellcode without triggering WDAC restrictions. They developed a JavaScript-based C2 framework called Loki C2, designed to operate within WDAC policies and facilitate reconnaissance and payload deployment. A demonstration of Loki C2 showcased its ability to bypass strict WDAC policies by modifying resources of the legitimate Teams application, allowing undetected code execution. The ongoing development of techniques and tools by the X-Force team reflects the evolving cybersecurity landscape and the continuous adaptation required to counter emerging threats.