Monday, July 6, 2026


TECH


Why gen Z has turned against technology and big tech

Hundreds of people gathered in New York between late June and early July to participate in "Summer of Ludd," a series of free events teaching city residents how to live with less technology. Held primarily in Tompkins Square Park in the East Village, the festival featured workshops, plays, and discussions on reducing reliance on mobile phones, social media, and artificial intelligence.

Photography, recording, and the use of mobile phones were prohibited during the activities, and none of the events were advertised online; instead, promotion relied on posters and flyers distributed throughout the neighborhood. This report comes from the American magazine *WIRED*.

The festival's name alludes to Luddism, a movement of artisans and weavers who, in the early 19th century, resisted the replacement of their labor by machines during England's Industrial Revolution. Today, the term "Luddite" has resurfaced to describe those who question technology's central role in daily life, even without rejecting it entirely.

Dissatisfaction among a generation raised online...The movement has attracted primarily young people from Generation Z—the first generation to grow up entirely in the digital age. A Pew Research Center survey released in 2025 shows that 48% of American teens interviewed in 2024 stated that social media has a negative impact on people their age, up from 32% in 2022.

A highlight of the program was the play *Luddite Recreations*, which retells the history of the Luddite movement to an audience of around 300 people. The schedule also included hands-on workshops, such as an amateur radio class and walks designed for "flirting without dating apps." An organization called the School of Radical Attention—dedicated to discussing the effects of digital platforms on human attention—also participated in the activities. The festival organizers prefer to remain anonymous and address the public through a puppet named Gowanus—a sort of blue-cloth spokesperson. According to Gowanus, the group consists of "organizers with no formal affiliation who noticed similar issues regarding isolation and over-reliance on big tech companies," and they began planning "Summer of Ludd" in January.

"We believe the event is a vehicle for social change, where people can meet in physical space," Gowanus stated. "When we try to organize online, Mark Zuckerberg’s eyes and Silicon Valley’s fingers are all over the sacred interactions of our lives."

Participants interviewed by WIRED shared personal experiences regarding stepping away from screens. Student Staoue, who preferred not to give her last name, said she became interested in the subject after switching from computer science to the humanities. According to her, the fast pace imposed by technology drives people to scroll through screens as a way to cope with stress, when they could instead be learning a language or a new hobby.

Meanwhile, 20-year-old Mara McGuire highlighted the value of direct contact with others. "What interested me most was the emphasis on human connection and gaining new perspectives by going out into the world," she said.

A former employee of a major tech company, who asked not to be identified for fear of retaliation, reported quitting his job after company leadership began encouraging non-technical staff to write code using artificial intelligence tools and deploy that code into production. He described the practice as a cause for concern for those working in systems security.

A broader movement rejecting technology...The New York festival is part of a wider trend of rejecting certain uses of technology. Dating apps are losing ground to in-person meetups—such as those organized by running clubs—according to a report by Forbes. Graduation speeches extolling artificial intelligence have also been met with boos from students at recent ceremonies in the United States.

According to Andrew Maynard, a professor of advanced technology transitions at Arizona State University, the original Luddite movement was driven by labor concerns rather than a blanket rejection of technology. Even so, he acknowledges that the term's current usage aptly describes those who resist technology's encroachment on their autonomy. However, the researcher believes such movements are unlikely to significantly alter people's day-to-day behavior.

Damian Thomas, the developer behind Unplatform—a site that aggregates alternatives to social media—took part in the festival's activities and noted that his professional background drew him to the subject. In his view, just as 19th-century Luddites relied on machines controlled by third parties, today's technology also concentrates power in the hands of a few companies. According to Thomas, most people won't abandon social media overnight, but they can adopt habits and tools that gradually reduce that dependency.

"We are where public opinion is," Thomas said, summarizing the movement's reach among those who did not directly participate in the festival.

Gen Z is leading a pushback against technology because they are seeking to regain control over their attention, mental health, and privacy. Having grown up immersed in the digital world, they are deeply aware of algorithmic manipulation, the pressure of social media performance, and the threat of artificial intelligence to human creativity and job security.

Digital fatigue and burnout: Young people report exhaustion from the constant A/B testing, metrics-driven validation, and performative curation popularized by older millennials.

Mental health concerns: Extensive research shows constant connectivity degrades mental health and shortens attention spans. Gen Z has grown increasingly critical of the platforms they use, with Pew Research noting a massive jump in teens stating social media has a negative effect.

The "dumbphone" trend: Seeking relief from constant notifications and toxic algorithms, many Gen Zers are voluntarily downgrading to basic, feature-limited "dumbphones". The resurgence of single-use devices like film cameras, standalone MP3 players, and paper planners is part of a broader shift toward digital minimalism.

Job displacement fears: The rapid push for AI automation has sparked major anxieties about the future of entry-level jobs and the stability of the modern workforce.

Erosion of authenticity: Young people fear that AI is eroding the quality of real human interaction and flooding the internet with low-quality, fabricated content.

Workplace resistance: A significant portion of Gen Z employees are deeply distrustful of corporate AI initiatives. Surveys have revealed that many deliberately resist or subvert their company's AI integration to protest job displacement and the paradoxical increase in their workload

mundophone

Sunday, July 5, 2026


TECH

AI-powered social media can subtly manipulate opinion at scale, new study finds

The study found that large language models (LLMs) consistently changed the direction of social media posts on contested topics, even when explicitly instructed to preserve the original meaning. The researchers also show, through simulations of real-world social networks, how these small changes could accumulate across millions of interactions and gradually influence broader public opinion. 

The findings raise questions about the growing use of AI-powered writing tools on social media platforms and suggest that AI-mediated communication could become a powerful new mechanism for influencing public discourse.  

The study, AI-Mediated Communication Can Steer Collective Opinion, authored by Dr. Stratis Tsirtsis, Kai Rawal, Professor Chris Russell, Professor Brent Mittelstadt and Professor Sandra Wachter, has been accepted for presentation at the AI4Good and Technical AI Governance Research workshops at the International Conference on Machine Learning (ICML 2026) in Seoul, South Korea. 

Key findings...AI writing and editing tools can introduce bias into social media posts. Large language models (LLMs) systematically altered the direction of users' messages on contested topics, even when instructed to preserve the original meaning.  

Biases were similar across different AI systems. Multiple models tended to nudge posts in similar directions, favouring some positions such as gun control, marijuana legalisation and feminism, while pushing against others such as atheism and the death penalty.  

Small changes in individual posts can influence public opinion over time. Simulations using real-world social network data showed that subtle biases introduced into posts can accumulate and gradually shift opinions across online communities.  

AI-assisted communication creates a new route for influencing public discourse. The researchers argue that AI systems embedded in social media platforms can shape how opinions spread online, creating new challenges for transparency, accountability and regulation.  

The source of bias is not just the AI model itself. The study shows that specific implementation decisions made by platforms can significantly affect the direction and magnitude of AI-generated influence. 

Methods...The researchers instructed large language models (LLMs) from different providers to transform human-written texts on contested topics into improved social media posts. They then analysed whether the AI-generated versions systematically changed the position expressed in the original posts. Next, they used mathematical modelling and computer simulations based on real social network data from X and Facebook to examine how these small changes could spread through online networks and affect broader public opinion over time. 

Example: Grok’s “Explain this post” feature 

By recreating and testing X’s “Explain this post” feature, with a focus on abortion-related posts, researchers found that Grok was more supportive of pro-life posts than pro-choice posts. By removing X’s instructions one by one, they traced this imbalance back to a single instruction telling Grok to “challenge mainstream narratives if necessary”. This experiment illustrates how targeted, easy-to-implement platform interventions can shape the way AI systems influence public discourse online. 

Implications for regulation...The research highlights AI-mediated communication as an emerging form of influence that existing regulatory frameworks do not yet cover. While initiatives such as the EU AI Act and Digital Services Act focus on systemic risks, harmful content, discrimination, and threats to democratic processes, they do not directly address the more subtle ways AI can shape opinions through drafting, editing, or contextualising online content. 

“Our research points to AI-mediated communication as a new and more subtle way of influencing opinions – one the law has yet to catch up with – and offers food for thought about who, or what, is shaping public discourse,” says senior author Sandra Wachter, Professor of Technology and Regulation at the Oxford Internet University of Oxford Institute, 

University of Oxford


DIGITAL LIFE


AI is already changing the way cyberattacks unfold

A new report reveals that criminals are already exploiting artificial intelligence models in unprecedented ways. This scenario concerns experts and could completely transform how companies protect their systems.

For a long time, artificial intelligence was viewed primarily as a tool to boost productivity, create content, and automate tasks. However, as these technologies evolve, they are increasingly being adopted by criminal groups for ever more sophisticated attacks. A recent report shows that this shift is already underway, indicating that cybersecurity may be entering a new era where intelligent programs face off against other equally intelligent programs.

A study highlights that language models are being used by cybercriminals in far more advanced ways than imagined just a few years ago. Rather than merely accelerating repetitive tasks, artificial intelligence has begun to play a direct role in decision-making during cyberattacks.

In practice, this means certain malicious programs can alter their own structure while running, modifying code segments to evade detection by traditional security tools.

This behavior marks a significant shift from conventional malware. Historically, antivirus software and protection platforms relied on analyzing digital signatures, known patterns, and previously cataloged behaviors to identify threats. Now, however, some programs can continuously alter these patterns, making detection far more complex.

According to experts, some groups also use language models to automatically create new routines, adapt strategies based on the target system's response, and modify execution methods to bypass defense mechanisms.

While this type of technology does not yet fully replace human involvement, it reduces the time required to plan attacks and enhances adaptability during an intrusion.

Another aspect highlighted in the report is the growing use of AI by cybercrime groups and state-sponsored organizations, demonstrating that the technology has moved beyond the experimental stage to become an integral part of actual operations. The advancement of artificial intelligence has also brought about another problem: criminals are learning to exploit AI models themselves to obtain information that facilitates the creation of malicious code.

Major commercial systems typically have security mechanisms in place to reject dangerous requests. Even so, researchers observe that some users attempt to bypass these barriers by presenting seemingly legitimate requests, such as academic exercises or information security research. This type of manipulation—known as AI-based social engineering—has become a new area of ​​focus for the companies responsible for these models.

Furthermore, experts warn of a growing underground market for AI-based tools sold to facilitate attacks such as phishing campaigns, the automated production of malicious code, and other illegal activities.

This scenario reinforces a trend already under discussion within the industry: the future of cybersecurity will increasingly depend on the use of artificial intelligence for defense as well.

Instead of relying solely on systems based on fixed rules, companies are investing in platforms capable of continuous learning, identifying unusual behaviors, and responding rapidly to novel threats.

The expectation is that the next generation of security solutions will utilize intelligent models to analyze vast amounts of data in real time, detect suspicious patterns, and react before an attack causes significant damage.

Ultimately, the transformation lies not only in the evolution of malware but in a shift in the digital battlefield itself. While the conflict once played out between hackers and traditional antivirus software, all signs point to a future confrontation between AIs trained to attack and those developed to thwart such attacks.

This technological race is just beginning, and its evolution could determine how companies, governments, and users protect their data in the years to come.

AI has already changed the nature of attacks by democratizing cybercrime, reducing execution time from days to seconds, and enabling large-scale intelligent automation. Advances in frontier AI and autonomous AI have redefined the digital threat landscape.

1. Lowering the barrier to entry...Attacks that once required advanced programming knowledge can now be executed by inexperienced criminals. Generative AI models can be instructed via simple prompts to write malware code, debug scripts, or structure entire campaigns.

2. Machine-speed attacks...AI analyzes thousands of lines of code, networks, and APIs for vulnerabilities at lightning speed, far surpassing human checking capabilities. Where humans once spent hours or days finding a flaw, AI takes only minutes.

3. Hyper-realistic social engineering...The classic phishing email riddled with grammatical errors is a thing of the past. AI now generates perfectly personalized and convincing text. Through voice cloning and video deepfakes, criminals can highly convincingly impersonate executives or technical support staff.

4. Polymorphic and autonomous malware...Criminals employ AI agents that operate continuously. They create malware capable of constantly altering its own code (polymorphism) to evade traditional defense systems. Furthermore, AI can navigate corporate networks, validate data, and exfiltrate it without human intervention. To combat a landscape where AI attacks and defends at the same speed, companies and institutions must adopt automated defenses and behavior-based intelligence, while also protecting their AI models against manipulation. You can follow key cybersecurity trends in the AI ​​era via Palo Alto Networks or read more about the impact on organizations from Microsoft. The continuous operation of AI-powered bots, which work tirelessly, represents another advantage for attackers. Threat actors use generative AI to craft phishing lures, translate content, summarize stolen data, and generate or debug code. AI tools are already capable of independently identifying thousands of critical vulnerabilities in operating systems and browsers.

mundophone

Saturday, July 4, 2026


DIGITAL LIFE


New browser-based ransomware identified

Check Point Research has identified a new method of browser-based ransomware generated autonomously through an AI hallucination associated with DeepSeek model files.

The attack—validated via a laboratory proof-of-concept released on July 3, 2026—eliminates the need to install malicious applications or exploit vulnerabilities by abusing legitimate web browsing APIs to encrypt local files. This discovery signals a significant shift in how new cyberattack techniques emerge, enabling artificial intelligence to act as a bridge between scattered knowledge and malicious objectives.

The technique relies on repurposing a legitimate local file access feature to encrypt data without installing software. While analyzing approximately 3,000 files attributed to DeepSeek in public telemetry, researchers detected code that, despite inconsistencies in most functions, accurately utilized the File System Access API.

This interface, designed for legitimate web applications such as text editors or creative tools, allows a webpage to request access to a folder on the user's device. If the victim grants permission—often through social engineering—the code gains the ability to enumerate, read, exfiltrate, and encrypt the files within that directory.

The innovation in this scenario lies in the AI ​​model's ability to autonomously link a theoretical risk to a practical attack chain, without advanced human technical intervention.

Android poses higher risk compared to iOS system isolation...The implementation of this technical specification across mobile platforms exposes digital ecosystems unevenly. Full API support, introduced in Chrome version 132 for Android, allows webpages to request direct access to critical folders, such as the DCIM directory. Tests conducted by Check Point Research on Chrome version 148 confirmed that granting this permission puts personal photos, screenshots containing banking data, and identification documents at risk. In contrast, Apple’s iOS ecosystem remains immune to this specific technique, as the Safari browser does not expose the API in question to web pages, instead mediating file access through the operating system's restricted isolation model.

This disparity underscores the need for careful monitoring in environments that utilize Chromium-based browsers.

Generative AI bypasses restrictions via neutral prompts...The language model's security filters reveal vulnerabilities when faced with indirect descriptions of code. In laboratory tests, the DeepSeek V4 model refused explicit requests to create ransomware. However, formulating neutral prompts focused solely on local file interaction functionality resulted in the generation of browser-based malicious code.

The model itself described the final output as a trap built into an image manipulation interface, featuring hidden behaviors akin to ransomware. In comparative evaluations, OpenAI and Anthropic systems refused requests or limited implementations to safe variants, requiring significant manual assembly to achieve a similarly functional workflow.

We are witnessing a fundamental shift in how new cyberattacks can originate. For the first time, we see evidence that an AI model can reason about a platform's legitimate capabilities and identify a functional attack technique that, until now, existed primarily at a theoretical level. The attacker does not even need to know the API exists; simply describing the desired outcome suffices. This has profound implications for organizations integrating AI into their processes and for users who center much of their personal and professional lives around their mobile photo galleries...Rui Duro, Country Manager for Check Point Software Technologies in Portugal.

Practical recommendations for digital mitigation and protection...Responding to this type of threat requires a shift away from security assumptions focused solely on detecting binary executables. Both individual users and corporate infrastructure managers must adopt rigorous controls at the web browsing layer.

For users and citizens:

Evaluate permissions: Treat every browser request for folder access as a critical security decision.

Avoid core directories: Never grant read or write permissions for the DCIM folder or directories containing personal documents.

Isolate tests: Use temporary or empty folders when interacting with unknown web tools or those marketed as AI solutions.

Maintain safeguards: Perform regular, encrypted backups stored offline or with reputable cloud services.

For companies and organizations:

Traffic filtering: Implement security solutions focused on disrupting the delivery chain, such as anti-phishing systems capable of blocking suspicious pages before user interaction occurs.

Group policies: Restrict or monitor the use of the File System Access API in corporate environments via Chromium browser management policies.

System updates: Mandate systematic updates for browsers and operating systems to ensure the implementation of new security controls from vendors.

Implications for the global cybersecurity ecosystem...The ability of artificial intelligence to translate abstract concepts into functional prototypes alters the economics of cybercrime. The technical barrier to entry is substantially lowered, enabling the development of highly personalized, disposable malware that is difficult to classify using traditional signature-based methods. The fact that a technological hallucination resulted in a precise approximation of a real vulnerability demonstrates that the security of language models cannot rely solely on filtering malicious keywords.

The sector faces the challenge of policing not only users' stated intentions but also the unforeseen convergence of legitimate capabilities manipulated by algorithms.

Frequently Asked Questions (FAQ)

-What is browser-based ransomware?

It is an attack technique that runs directly on a malicious webpage, using social engineering to gain access permissions to local folders via legitimate APIs. The method encrypts user files without installing applications or downloading traditional executable files.

-What is the connection between DeepSeek and this new cyber threat?

Researchers identified the attack logic by analyzing code generated by models associated with DeepSeek. The system autonomously linked a legitimate browser feature to a ransomware objective after receiving neutrally phrased instructions.

-How can I protect my Android device against this specific attack?

You should reject requests for access to local folders from unknown webpages, especially if they ask for access to the DCIM directory. It is recommended to frequently update the Chrome browser and use security tools with active anti-phishing protection.

Key points...Fileless execution: The technique does not require app installation or the exploitation of native operating system flaws.

API abuse: The attack utilizes the file system access API in Chromium-based browsers.

Android vulnerability: API support in Chrome on Android allows the photo folder (DCIM) to be exposed.

Algorithmic origin: The functional workflow stemmed from an AI "hallucination" that combined legitimate permissions with malicious intent.

No active campaigns: The research served as a preventive warning; there were no recorded instances of this technique being used in actual attacks at the time of disclosure.

For more information, visit https://blog.checkpoint.com/research/when-ai-invents-the-attack-browser-native-ransomware/

mundophone


TECH


New 4D-printing method creates lighter, faster-spinning wind turbine blades

Small, vertical wind turbines could become cheaper and more efficient, thanks to a new manufacturing technique developed by researchers at Concordia.

Using a process known as 4D printing of composites, PhD candidate Emad Fakhimi and Suong Van Hoa, professor at the Concordia Centre for Composites, aim to make small wind turbines lighter, less expensive and easier to produce.

Vertical-axis wind turbines are often used on buildings and in other urban settings, but their curved blades require specialized, complex molds that can take a long time to make while also being expensive and heavy. With this “first-of-its-kind” 4D printing method, though, the researchers are able to begin with the desired blade geometry, allowing them to work backward to determine how to best arrange and orient layers.

This allows for less expensive and more efficient production of commercial aluminum turbine blades that also weigh about 80 per cent less. Testing also showed that these blades rotated faster.

Wind turbines are one source of generators of green energy. The majority of wind turbines are horizontal axis type, with very long blades and can generate a large amount of energy. Another type of wind turbine is the vertical axis wind turbine (VAWT). These are smaller wind turbines. They are usually located on the roof of buildings. The amount of energy they generate is small but may be sufficient for energy needs in a small building. The global VAWT market size accounted for $12.9 billion in 2022 and is projected to achieve a market size of $17.7 billion by 2032, growing at a CAGR of 3.2% from 2023 to 2032. According to research conducted by the National Renewable Energy Lab (NREL) in the United States, VAWTs provide more yearly energy per unit area than horizontal axis wind turbines (HAWT).

One example of the VAWT is shown in image below. This Savonius type wind turbine is of RX-SV2 turbine from R & X Technology company in Nantong, China. The company specifications mention it exhibits a nominal power output of 200 W, a rotor diameter of 0.48 m, and a weight of 15 kg. It utilizes two sets of aluminum blades, with each set comprising five individual segments. The segments are assembled around a vertical axis, facilitated by horizontal arms. It can be observed that the blades are configured with a backward twist to reach higher performance and harvest more energy. These blades may be made by roll forming, or hydraulic pressing techniques. Either of these techniques requires a mold.

Researchers at Concordia University have developed a manufacturing technique based on 4D printing of composites that could make small wind turbines lighter, cheaper and easier to fabricate. The technology uses curved blades for vertical-axis wind turbines that are fabricated from flat panels made of carbon-fibre composites

This novel fabrication process resulted in blades with shapes resembling those of commercially available aluminium blades, although they weighed 80 per cent less. Laboratory tests showed that vertical-axis wind turbines with such blades rotate faster than the turbines that were equipped with aluminum blades. The researchers said that the proposed technique could lower manufacturing costs and increase the applicability of lightweight composites in renewable energy and other engineering applications.

Vertical-axis wind turbines are currently widely used in buildings and urban areas, but the manufacture of their curved blades requires special procedures and expensive moulds. This makes the fabrication process lengthy and adds additional weight to the turbines. To solve the problem, the scientists developed a one-of-a-kind “inverse” design procedure.

Instead of starting with a specific layup, which refers to the arrangement and orientation of the carbon-fibre layers, and observing the resulting shape, the scientists first designed the blade geometry and, then, figured out how the layers were supposed to be oriented to create it.

Flat carbon or epoxy laminates deform into curved shapes during cooling after being cured. The curvature is achieved through carefully engineered differences in material properties across the layers.

The final assembly of the vertical axis wind turbine blades. Credit: Polymer Composites 

80% lighter wind turbine blades made from flat panels using new 4D-printing tech...Researchers at Concordia University have developed a new way to make small wind turbines, which could make them lighter, less expensive, and easier to build. Their recent study describes a 4D printing method that turns flat carbon fiber panels into curved blades for vertical-axis wind turbines, without the need for complex molds.

Ph.D. candidate Emad Fakhimi and Professor Suong Van Hoa from the Concordia Center for Composites led the project. Their approach could make it easier to produce blades for rooftop and city wind turbines and also boost their performance.

New design method removes the need for complex molds...Vertical-axis wind turbines are becoming more common in cities because they work well in shifting winds and fit easily onto buildings. But making their curved blades has still been difficult.

Traditional manufacturing uses specialized forming processes and custom molds to achieve the desired shape. These molds make production more expensive, take more time, and add extra weight to the blades.

To solve these problems, the Concordia team developed a new “inverse” design process. Rather than starting with the carbon fiber layout and seeing what shape it made, they began by deciding on the blade shape they wanted.

They then worked backward to figure out exactly how to arrange and position the carbon fiber layers so the blade would take on the right shape during manufacturing.

The new method uses 4D printing, which means materials can change shape after they are made. The team began with flat carbon or epoxy composite sheets. After curing and cooling, these sheets bent on their own into the needed curved shape. This happens because the different layers in the composite are designed with varying properties.

By planning the layers ahead of time, the team could make turbine blades without needing extra shaping steps.

The simplified production method eliminates the need for heavy molds while maintaining the exact blade shape required for the turbines to work well.

Lightweight blades deliver stronger performance...Tests showed that the finished composite blades were very similar in shape to commercial aluminum turbine blades.

The biggest advantage came from their weight. The composite blades were 80% lighter than similar aluminum blades, making them easier to fabricate and install.

Lab tests also showed better turbine performance. Turbines with the composite blades spun faster than those with aluminum blades, which suggests the lighter design could help generate more energy in similar conditions.

The researchers believe the manufacturing approach could cut production costs for small wind turbines and help more people use lightweight renewable energy technology.

Since this method uses simple manufacturing and composite materials, it could also work for other engineering projects that need curved, lightweight parts.

Beyond renewable energy, this inverse design approach could help engineers make complex composite parts with fewer steps, using less material and lowering costs. As more industries look for lighter, more efficient structures, this new process could be a practical alternative to traditional mold-based methods.

Source: Concordia University

Friday, July 3, 2026


TECH


Google dismantles NetNut network linked to cybercrime

Disabled Google accounts and associated Google services used by NetNut for malware command and control (C2), which directly violates Google’s Terms of Service and Acceptable Use Policy. 

Google has announced a coordinated operation with the FBI and Lumen Technologies to disrupt the NetNut network, a residential proxy infrastructure associated with cybercrime activities.

According to Google, this network exploited at least 2 million home devices—including smart TVs and Android TV boxes—to route malicious traffic and mask the origin of attacks.

Google’s Threat Intelligence Group states it has blocked accounts and services used to control the operation and shared technical information with authorities and industry partners. Google Play Protect has also begun detecting and disabling applications known to incorporate SDKs linked to NetNut.

The scale of the problem is significant: in a single week in June 2026, Google identified 316 distinct groups—ranging from cybercriminals to espionage operations—using the network's exit nodes to mask their origins. Part of this infrastructure is linked to the Popa botnet, which researchers describe as a network connected to Mirai variants.

The company also warns of the risks associated with applications that promise financial gain in exchange for sharing "unused bandwidth"—a model frequently used to enroll devices in proxy networks without the user's knowledge.

Shared technical intelligence on NetNut software development kits (SDKs) and backend C2 infrastructure with platform providers, law enforcement, and research firms to help drive ecosystem-wide awareness and enforcement.

We ensured Google Play Protect, Android’s built-in security protection, automatically warned users and disabled applications known to incorporate NetNut SDKs, and the system will continue to protect users against future install attempts. These efforts to help keep the broader digital ecosystem safe supplement the protections we have to safeguard Android users on certified devices.

We believe our coordinated actions have caused significant degradation to NetNut’s proxy network and its business operations, reducing the available pool of devices for the proxy operator by millions. In addition to selling access to the network under the NetNut brand, NetNut has a robust reseller program that allows whitelabeling of its network. Google has high confidence that many popular residential proxy brands are in fact whitelabeling the NetNut botnet. While we expect this disruption to have a larger ripple effect across the residential proxy ecosystem, observations after the disruption of IPIDEA proved that individual networks can appear resilient. What we have observed is that when faced with the degradation of their own botnet, proxy operators begin buying capacity from their competitors, effectively becoming a reseller. We recognize that creating a lasting disruption in this fluid ecosystem means we must scale our efforts to target the infrastructure of several interconnected providers. We will continue to observe the composition of the NetNut network and map out how its peers adapt to this action.

NetNut is among the largest and most popular residential proxy networks. Estimating the size of residential proxy networks is extremely challenging, but Google Threat Intelligence Group (GTIG) estimates the size of the NetNut network to be at least 2 million devices, distributed across the world. Public reporting by KrebsOnSecurity and others, confirmed by Google, illustrates that NetNut populates its botnet by distributing SDKs for devices commonly found in homes, such as smart TVs and streaming boxes. GTIG has also identified NetNut botnet plugin components for large-scale botnets such as Badbox 2.0.

Residential proxy networks sell the ability to route traffic through IP addresses owned by internet service providers (ISPs), allowing attackers to mask malicious activity by hijacking these IP addresses. A robust residential proxy network requires controlling millions of residential IP addresses to sell to customers for use. To accomplish this, operators need code running on home devices to enroll them into the malicious network as exit nodes. Home devices become part of proxy networks either because they are pre-installed with malware before purchase or because users unknowingly download applications containing hidden proxy code. This creates serious risks for unsuspecting device owners, as their home IP addresses can be used by attackers as a launchpad for hacking and other unauthorized activities. Consequently, users can have their legitimate traffic flagged as suspicious, or blocked by their service providers.

In a single week during June 2026, GTIG observed 316 distinct threat clusters using suspected NetNut exit nodes, including cybercriminal and espionage groups. These bad actors can use NetNut to mask their origin IP address when accessing victim environments, accessing their own infrastructure, and conducting password spray attacks. Furthermore, when a consumer device becomes an exit node, unauthorized network traffic passes through it. This means bad actors can access other private devices on the same home network, effectively exposing them to Internet threats. Public reports by Synthient, Spur, Nokia Deepfield, and others have documented the use of NetNut to infect devices with variants of Mirai DDoS botnets.

Consumers should be extremely wary of applications that offer payment in exchange for "unused bandwidth" or "sharing your internet." These applications are primary ways for malicious proxy networks to grow, and could open security vulnerabilities on the device’s home network. We urge users to stick to official app stores, review permissions for third-party VPNs and proxies, and ensure built-in security protections like Google Play Protect are active.

Consumers should be careful when purchasing connected devices, such as set top boxes, to make sure they are from reputable manufacturers. For example, to help you confirm whether or not a device is built with the official Android TV OS and Play Protect certified, our Android TV website provides the most up-to-date list of partners. You can also take these steps to check if your Android device is Play Protect certified.

mundophone

Thursday, July 2, 2026


DIGITAL LIFE


WhatsApp account hijacking spreads malware globally

A new global cybercrime campaign detected in June 2026 is using WhatsApp account hijacking to spread malicious VBScript files among trusted contacts. The threat affects users of WhatsApp Desktop and WhatsApp Web across multiple continents, with an increasing focus on the European market through the use of multiple languages, including Portuguese. By taking control of legitimate profiles, attackers bypass standard defenses that rely on user skepticism, facilitating the installation of remote monitoring and management software to gain full control over affected systems.

Attackers use previously compromised legitimate profiles to send messages containing malicious attachments to existing contacts on the platform. This approach maximizes the likelihood that the victim will open the document, as the message appears to come from a colleague or friend.

Kaspersky’s Global Research and Analysis Team (GReAT) identified the operation and confirmed that the primary objective is to compromise Windows operating systems using legitimate administrative tools configured for malicious purposes.

Initial geographic distribution revealed a high volume of infections in Asian countries—with Malaysia leading the number of recorded cases, followed by Singapore, Taiwan, and Vietnam—as well as in Brazil. However, the inclusion of metadata and scripts translated into French, German, English, and Portuguese confirms that Europe is one of the criminal group's strategic targets. The files are disguised as invoices, payment receipts, bank statements, and debt notifications to encourage users in corporate environments to open them.

The code underlying this threat hides within structured comments and metadata that mimic official Microsoft operating system components. Once activated by the user, the file executes a sequence of encoded commands via Windows Script Host, running in the background without triggering visible alerts. The initial script creates a temporary directory at the local path `C:\Users\Public\Documents` to download additional payloads from external command-and-control servers.

Fareed Radzi, a security researcher on Kaspersky’s GReAT team, explains the sophistication of the social engineering employed in this campaign.

In this campaign, attackers exploit the trust inherent in messaging platforms by using compromised WhatsApp accounts to send malicious attachments that appear to originate from known contacts, making recipients far more likely to interact with them. File names are carefully disguised as routine business documents—such as invoices and payment notices—and localized into multiple languages ​​to support a broad dissemination strategy. Once opened, they trigger a multi-stage infection chain that silently downloads and executes additional malicious components from external infrastructure.

The final phase of the attack involves the silent installation of a remote monitoring and management software package. While legitimate in corporate technical support contexts, this application grants attackers full administrative privileges, enabling the exfiltration of sensitive data, credential monitoring, and the potential introduction of ransomware into the company's internal network.

Protection against social engineering attacks requires a combination of strict filtering policies and identity validation outside the messaging platform itself. System administrators should implement local rules to prevent script execution on work computers.

Key mitigation guidelines include:

-Restricting extensions: Block the direct execution of files with .vbs, .vbe, .exe, .bat, .cmd, .js, and .ps1 extensions from public user folders.

-Software Restriction Policies (SRP): Configure Windows AppLocker or Group Policies to prevent WhatsApp Desktop from launching unauthorized subprocesses.

-Out-of-band validation: Verify the legitimacy of any invoice or document received via chat platforms through a phone call or corporate email. Network monitoring: Implement detection systems that identify unusual connections from local computers to uncatalogued external servers.

mundophone

TECH Why gen Z has turned against technology and big tech Hundreds of people gathered in New York between late June and early July to partic...