Windows malware Archives

Winsage

April 6, 2026

ResokerRAT Hijacks Telegram API to Command Infected Windows PCs

A newly discovered Windows malware called ResokerRAT uses Telegram’s Bot API for its command-and-control operations, allowing it to monitor and manipulate infected systems without a conventional server. It obscures its communications by integrating with legitimate Telegram traffic, complicating detection. Upon execution, it creates a mutex to ensure only one instance runs and checks for debuggers to avoid analysis. It attempts to relaunch with elevated privileges and logs failures to its operator. ResokerRAT terminates known monitoring tools and installs a global keyboard hook to obstruct defensive key combinations. It operates through text-based commands sent via Telegram, allowing it to check processes, take screenshots, and modify system settings to evade detection. Persistence is achieved by adding itself to startup and altering UAC settings. The malware retrieves additional payloads from specified URLs and uses URL-encoded data for communication. Researchers have confirmed its Telegram traffic, and its behavior aligns with various MITRE ATT&CK techniques. Security teams are advised to monitor for unusual Telegram traffic and scrutinize registry keys related to startup and UAC.

Tech Optimizer

February 16, 2026

Phishing Lures Spread XWorm Remote Access Trojan

A cyber-espionage campaign is utilizing the XWorm Remote Access Trojan (RAT) to infiltrate systems via phishing emails and a Microsoft Office vulnerability (CVE-2018-0802). XWorm, first detected in 2022, allows attackers remote control over infected computers for surveillance and data theft. The campaign uses business-oriented phishing emails with malicious Excel attachments that exploit the vulnerability to execute a fileless attack. The malware connects to a command-and-control server, encrypting communications and transmitting system details. XWorm features a plugin architecture with over 50 modules for various malicious activities, including credential theft and DDoS attacks. Security experts highlight the ongoing risk of legacy software vulnerabilities and recommend patching outdated components.

Tech Optimizer

January 9, 2026

MacPaw Moonlock

Moonlock is a new antivirus solution for Mac developed by MacPaw, utilizing technology from CleanMyMac. It features a basic VPN, security configuration scan, and an elegant user interface, but some functionalities may not perform as expected. The annual subscription for a single Mac is priced higher than competitors like CleanMyMac and G Data Antivirus. Moonlock requires macOS 13 (Ventura) or later for compatibility. Setting up the app involves creating an account and granting permissions, with a full scan recommended post-installation. In independent lab tests, Moonlock scored 5.5 out of 6 in protection and 6 in usability, but its performance rating was 4.5 points, lower than competitors. The Security Advisor feature provides advice on enhancing security, while the System Protection feature identifies areas for improvement. Moonlock includes a basic VPN with 61 server cities in 50 countries. Its Network Inspector focuses on blocking traffic from specified countries, but its effectiveness is questionable. Flexible scan scheduling is available, but it does not guarantee the removal of Windows malware. The app includes informational panels and animated videos, but it currently lacks effective phishing protection, failing to block known fraudulent websites.

Tech Optimizer

July 11, 2025

K7 Antivirus for Mac

K7 AntiVirus for Mac provides basic malware elimination but lacks essential features such as browser-level protection, which is critical for user safety against malicious websites. Its Windows version offers more comprehensive features, including a firewall and exploit protection, while being priced significantly lower than the Mac version. K7's pricing for Mac subscriptions is competitive, with a one-Mac subscription costing less than average market prices. The software is compatible with older macOS versions, dating back to Yosemite (10.10). K7 has not participated in independent testing labs, which limits its evaluation compared to competitors that have received high scores. The installation process is straightforward, and K7 performs full scans quickly, but it does not offer a quick scan option. K7 lacks protection against phishing attacks and does not detect Windows malware, which is a feature present in many competing antivirus solutions.

Tech Optimizer

June 13, 2025

‘BrowserVenom’ Windows Malware Preys on Users Looking to Run DeepSeek AI

A new strain of Windows malware called "BrowserVenom" is exploiting interest in DeepSeek's AI models by targeting users through deceptive Google ads. These ads lead to a counterfeit website, "https[:]//deepseek-platform[.]com," where users are tricked into downloading a harmful file named “AILauncher1.21.exe.” This malware monitors and manipulates internet traffic, allowing attackers to intercept sensitive data. The operation is believed to involve Russian-speaking threat actors, and the malware has infected users in several countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The fraudulent domain has been suspended, but the malware can evade many antivirus solutions. Users are advised to verify official domains when downloading software.

Tech Optimizer

May 8, 2025

This Is a Mac-Only Antivirus Software, And It Is Your Ultimate Shield Against Hackers (Now 60% Off)

Cyberattacks are increasingly common due to psychological warfare among global powers. Macs are vulnerable to these attacks, necessitating effective antivirus solutions. Intego is the only antivirus software developed specifically for macOS, offering two packages: Mac Internet Security and Mac Premium Bundle. The Mac Internet Security suite includes real-time antivirus protection, a customizable firewall, and anti-phishing features, priced at .99 for one Mac or .99 for three Macs during the first year. The Mac Premium Bundle adds features like system cleanup, parental management, and automated backups, starting at .99 for one Mac or .99 for three Macs in the first year. Intego is designed specifically for Apple computers, providing lightweight, effective protection with minimal impact on system performance. It has a perfect malware detection score and offers a 30-day money-back guarantee. Users can also add a VPN subscription as Intego is associated with CyberGhost and ExpressVPN.

Tech Optimizer

April 29, 2025

Intego Mac Internet Security

PCs were introduced before Apple’s Macintosh, leading to the emergence of PC viruses and the establishment of antivirus companies, with Macintosh protection being less prioritized. Intego focused on Macintosh security from the start, offering Intego Mac Internet Security, which includes a firewall that manages network permissions and defends against external attacks. Intego has been effective against Mac malware, achieving a 99.1% malware detection score in independent lab tests, although it lacks phishing protection, a feature offered by competitors Norton 360 Deluxe and Bitdefender Antivirus Plus. Intego's pricing is competitive, with a standard annual fee of .99 for a single license and .99 for three licenses. A five-device subscription costs .99, while the Mac Premium Bundle starts at .99 annually and includes additional features. A 14-day free trial is available, and free alternatives like Avast and AVG are also on the market. Intego supports older macOS versions back to Mavericks (10.9), but the latest version requires High Sierra (10.13) or later. The installation process for Intego is straightforward, requiring a restart and granting necessary permissions. The main interface includes components for updates, firewall, and antivirus, with user-friendly access to scanning options. Intego has received certification from AV-Comparatives and detected 100% of Windows malware samples in tests. Its quick scan takes about two and a half minutes, while a full system scan takes seven minutes. Intego's Safe Browsing feature checks existing browser protections but lacks a dedicated antiphishing solution. The NetBarrier firewall allows users to classify their network and manage traffic permissions effectively, although it may be complex for some users.

Tech Optimizer

March 27, 2025

This dangerous new Windows malware hides from your antivirus while impersonating a popular PC brand

A new strain of malware called CoffeeLoader targets Windows users by pretending to be an ASUS utility, specifically imitating ASUS's Armoury Crate. It has sophisticated evasion techniques that allow it to bypass antivirus software. Once installed, it deploys infostealers like Rhadamanthys Infostealer to extract sensitive information. CoffeeLoader operates undetected by executing code on the GPU instead of the CPU, using Call Stack Spoofing to disguise its activities, and employing Sleep Obfuscation to encrypt itself in memory when inactive. It also exploits Windows Fibers to evade detection. To protect against CoffeeLoader, users should download Armoury Crate only from the official ASUS website and be cautious of deceptive links and ads that may lead to malware installation.

Tech Optimizer

March 17, 2025

F-Secure Internet Security for Mac

F-Secure Internet Security for Mac provides essential malware protection, including quarantine capabilities and safeguards against future attacks, but lacks features compared to competitors like Norton 360 Deluxe and Bitdefender Antivirus Plus. Its pricing structure includes .99 for one license, .99 for three, and .99 for five licenses, with options for up to 25 devices at 4.99 annually. F-Secure requires macOS 12 or later and has been rated excellent by AV-Test Institute, achieving a perfect score of 18 in recent macOS tests. The software offers a quick virus scan and custom scan options but does not include scheduled scanning. It successfully quarantines 82% of Windows malware samples and scores 94% in phishing detection. F-Secure includes parental controls for managing children's online activities and features scam protection similar to its Windows version.

Tech Optimizer

March 7, 2025

Webroot Premium

PCMag editors independently select and review products. Webroot Premium combines device-level protection with identity theft tracking and remediation, but its antivirus protection is limited compared to competitors. Webroot Premium costs .99 per year for five devices and one identity, with a family edition available for .99 covering ten devices and identities. Other competitors like Bitdefender Ultimate Security and Norton 360 With LifeLock offer more comprehensive features at similar price points. Webroot AntiVirus has been rebranded as Webroot Essentials, and older versions have been phased out. The installation process for Webroot Premium is straightforward, and it includes a firewall that monitors network activity. Webroot's antivirus effectively identifies malware, achieving a 100% detection rate in tests. It also offers a secure deletion tool and basic identity protection features, including credit monitoring, transaction monitoring, and dark web monitoring, though these features are less comprehensive than those of competitors. Webroot provides 24/7 support for identity restoration, with a monetary guarantee for remediation services up to million for ten family members. Overall, while Webroot Premium offers solid antivirus protection, its identity protection capabilities are limited compared to other security suites.