Kaspersky uncovers GoSerpent, a long‑running campaign on Southeast Asian government systems using a backdoor, RAT (Stowaway), and exfiltration tool (TmcLoader)
Attackers showed extreme patience, waiting weeks before deploying secondary tools to evade detection and outlast log retention policies
Attribution remains uncertain, but overlaps with past TetrisPhantom operations; defenders are urged to review shared IoCs to detect compromise
Security researchers Kaspersky discovered a five-year-old piece of malware that’s been hiding on government computers in the Southeast Asian region, harvesting secrets and other actionable intelligence.
The company analyzed a campaign called GoSerpent, which comprises of a backdoor of the same name, a Remote Access Trojan (RAT) called Stowaway, and a two-stage data exfiltration tool called TmcLoader.
The backdoor was first used in 2021, it was said, meaning it was successfully hiding for half a decade. This was achieved, among other things, with plenty of patience and careful planning.
Latest Videos From
TetrisPhantom
“What stands out about GoSerpent is the deliberate dwell time,” Noushin Shabab, Lead Security Researcher in Kaspersky GReAT, explained.
Advertisement
“Usually, attackers want to move quickly once they get a foothold, but this group drops the initial backdoor and waits. They let the dust settle for weeks before deploying their secondary exfiltration tools like TmcLoader. That kind of patience is a calculated move designed to outlast standard log retention policies and automated security sweeps, making it incredibly difficult for defenders to connect the initial infection to the eventual data theft.”
The researchers could not conclusively attribute this campaign to any particular threat actor but did say that it has a lot in common with older campaigns conducted by the TetrisPhantom actor, including victimology, technical capabilities, and operational methods.
Kaspersky analyzed TetrisPhantom back in 2023, when it saw the group compromising secure USB drives used to provide encryption for safe data storage. This campaign also targeted government entities in the Asia-Pacific region (APAC) but, at the time, it was a newly discovered threat actor with no overlap with other known groups.
Advertisement
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
An anonymous reader quotes a report from MacRumors: Apple has reportedly sent legal letters to dozens of former Apple employees now working at OpenAI, telling them to preserve potentially relevant documents and communications as it continues to pursue its trade secret lawsuit against the AI company. The Financial Times(paywalled) reports that Apple has targeted around 40 former employees with legal preservation letters, acting on its belief that the alleged misappropriation of confidential information may extend beyond the individuals named in its original complaint.
The development follows Apple’s lawsuit filed last week against OpenAI, in which the company alleges a coordinated effort to obtain confidential information relating to its hardware engineering and product development. Apple claims OpenAI recruited key engineers, including former Apple executives Tang Tan and Chang Liu, and benefited from proprietary designs, manufacturing processes, and other trade secrets. Tan is OpenAI’s Chief Hardware Officer and a 24-year Apple veteran who led product design, while Liu is on the hardware team at OpenAI after working as a senior system electrical engineer at Apple.
We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.
RugOne Xlink 7: 30-second review
The RugOne Xlink 7 wants to solve an old problem in a new way. Traditional walkie-talkies are brilliant until you walk out of range. Hills block them. Buildings block them. Distance blocks them. The Xlink 7 sidesteps all of that by using 4G instead of short-range radio, so two or three people can stay in touch across a city, a country, or, in theory, the whole planet, as long as there’s signal.
That idea alone makes it worth a look. Add a genuinely tough build, IP68 and IP69K rated, plus MIL STD 810H certification, and you have a device that will survive rain, dust, a drop, or a dunking, all while weighing just 84g. It comes loaded with sensible extras too. A wireless PTT (push-to-talk) remote means you never have to fumble for the unit itself while riding or climbing. An emergency SOS mode, backed by GPS, GLONASS and Beidou positioning, can sound an alarm and share your live location with five quick presses. There’s even a basic AI assistant for weather checks and settings, and a noise cancellation system tuned for wind and speed.
Advertisement
None of that comes without trade-offs, though. The biggest one is that this is a cellular device, not a true radio, so it lives and dies by 4G coverage. Head somewhere genuinely remote, deep countryside, mountains, open water, and it becomes a very expensive paperweight. A proper VHF or UHF handset, or a satellite communicator, will keep working exactly where the Xlink 7 cannot. There’s no screen either, so every bit of feedback comes through LED colours and beeps, which takes some getting used to. Group calls are capped at three people and thirty minutes, which will frustrate anyone hoping to coordinate a larger crew.
So who is this for? Cyclists, hikers, skiers and runners who mostly stay within reach of a network but want a proper safety net and a simple way to stay in touch with a partner or small group. It might also work for parents keeping tabs on older kids, but surely they’d have phones. It could be an easy panic button for lone workers, as long as they’re not underground.
It’s less convincing for anyone heading truly off-grid, where a satellite device or traditional radio still makes more sense, as some of the best rugged phones I’ve tested already have. Think of the Xlink 7 as a rugged companion for populated wilderness rather than true remoteness, and it starts to make more sense.
Advertisement
(Image credit: Mark Pickavance)
RugOne Xlink 7: price and availability
How much does it cost? $159
When is it out? Available now
Where can you get it? Direct from RugOne or via an online retailer
Unless I’m mistaken, the RugOne Xlink 7 launched its Kickstarter campaign in June 2026, with a Super Early Bird duo pack priced from $159.99 against a stated standard retail of $299.98 for the same pack, a 47 per cent discount.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Advertisement
Coverage on a popular news site said it has cleared the Engineering Verification and Design Verification stages and was, at the time of writing, running final Production Validation Test builds ahead of mass shipping from August 2026. But that plan evidently wasn’t correct or got changed, because it’s already available to buy now.
To be crystal clear, I’m not a fan of companies that don’t need the money running Kickstarter campaigns as marketing exercises, and the way that this one was able to move from announcement to product and retail in a matter of weeks gives the true picture away. That reality being the Xlink 7 was probably finished and in production even before the Kickstarter ever began.
In the bundle that most purchasers will choose, they get a SIM card that works in 41 countries, and that will work for a year. No price has yet been revealed for extending the SIM contract at this time, but you can just buy a data-only SIM for your country and use that instead.
In most countries, this would be a no-brainer based on cost, but if you live in a region where mobile providers must approve each device that connects, it might be an issue.
Advertisement
Depending on how you intend to use this hardware, the price might be seen as competitive or excessive.
Compared to a proper satellite-based communicator, like the Garmin inReach Mini 2 ($509.99), it might seem a bargain. But the Garmin will work in practically any geographic location, and doesn’t need cell service.
Not needing a cell service or a SIM card, Motorola makes an extensive range of walkie-talkies, like the Motorola Solutions Talkabout T475 Extreme. A two-pack of those is only $94.99, and they use FRS radio frequencies, can receive NOAA weather alerts and will work for up to 12 hours on a charge.
There are dozens of brands selling walkie-talkie designs, some using Mesh technology that generally undercut the RugOne Xlink 7, typically offering two handsets for less than the price of one Xlink 7.
Advertisement
But there is an even cheaper choice, and that’s to use Zello on your existing smartphone, which costs precisely nothing. As they say, competing with zero isn’t easy.
Overall, there are some cute features on the RugOne Xlink 7 that might attract some customers, but since they don’t have a fallback technology when there is no 4G service, they seem overpriced.
(Image credit: Mark Pickavance)
RugOne Xlink 7: Specs
Swipe to scroll horizontally
Product
Advertisement
RugOne Xlink 7
Dimensions
63.6 x 51.7 x 22.95mm
Weight
Advertisement
84g
Build
Plastic body with metal buttons and rubber seals
Durability
Advertisement
IP68 (1.5m for up to 30 minutes) and IP69K under IEC 60529, MIL STD 810H, operating range -30C to 55C
Display
None. Status is shown via seven front LEDs plus audio tones
1,050mAh typical / 1,020mAh rated Li Po, USB Type C charging at 5V 0.5A
Battery life (claimed)
Advertisement
Up to 87 hours standby, 24 hours typical use, 10 hours continuous talk
Calling
Full duplex hands-free voice for up to 3 simultaneous users, 10-minute default call length, 30-minute maximum
AI features
Advertisement
On-device AI voice assistant for Q&A and settings, plus chip and AI-based noise cancellation rated to a peak of 55dB reduction
Safety
Emergency SOS via five rapid presses on the action button, triggers a siren, calls emergency contacts, and shares live GPS location
Extras
Advertisement
Built-in TorchX flashlight, wireless Bluetooth push-to-talk remote ring, dedicated group set-up button
App
RugOne Xlink app for iOS and Android, required to activate the device
In the box
Advertisement
Xlink 7 unit, USB-C to USB-C cable, pre-installed screen film, wireless PTT remote ring, long and short Velcro straps, sports armband, magnetic back clip, lanyard, SIM card (Bundle version only), manual and warranty card
RugOne Xlink 7: Design
Tough and tiny
Lots of buttons
A box full of accessories
(Image credit: Mark Pickavance)
Which countries does the SIM card support?
United States, United Kingdom, Germany, France, Italy, Spain, Netherlands, Switzerland, Sweden, Norway, Denmark, Ireland, Austria, Belgium, Finland, Iceland, Poland, Czech Republic, Greece, Portugal, Luxembourg, Hungary, Slovakia, Slovenia, Croatia, Cyprus, Estonia, Latvia, Lithuania, Romania, Bulgaria, Liechtenstein, Vatican City, San Marino, Serbia, Albania, North Macedonia, Bosnia and Herzegovina, Moldova, Ukraine, and Belarus.
Advertisement
The Xlink 7 is a small, octagonal puck that RugOne compares to a chunky earbud case. At 84g and just under 64mm tall, it disappears onto a backpack strap or handlebar far more easily than a traditional VHF or UHF radio ever could. The body mixes plastic with rubber seals and metal buttons, and the whole thing carries an IP68 rating for a 1.5 metre dunking and an IP69K rating against pressure washing, on top of MIL STD 810H certification. That is a serious durability claim for a device this size, and on paper, that puts the Xlink 7 ahead of most consumer electronics in this price bracket.
There is no screen. Every status update, battery level, signal state, Bluetooth pairing, comes through a bank of seven LEDs and a set of audio tones. That keeps the design simple and the waterproofing easier to guarantee, but it also means a genuine learning curve before all those beeps and colours become second nature.
The one that most owners might easily recall is the built-in AI, as even at the lowest volume settings, it shouts information at you like a drill sergeant. Maybe on a windswept hillside or next to a roaring rapids, this might be good, but in less noisy spaces, it seems excessive and bludgeoning.
(Image credit: Mark Pickavance)
Since there is no screen, all the modes and features of the RugOne Xlink 7 are activated using a series of buttons, and there are some simple back-lit icons to provide basic feedback. These tell you if a voice call is active, Bluetooth is being used, battery status, the device is on, volume and mute, and mobile signal strength. But most of these are superfluous, since if you change the volume, for example, the unit will shout at you the current volume setting.
Advertisement
Buttons are provided for powering on, AI, Group functionality and initiating or answering calls.
A single button activates an on-device AI assistant for simple Q&A, weather checks, and device settings, and RugOne pairs a dedicated audio chip with an AI noise-reduction algorithm rated at a peak of 55dB, tuned for conditions up to 40km/h on skis or 30km/h on a bike, according to RugOne. But this technology appears to be deactivated when you’re not on skis or a bike, when you get put on full audio blast anyway.
Rubber plugs cover both the SIM card slot and the USB port, which made me wonder why they weren’t together under a single plug. And, the other feature worth mentioning is that there is a TorchX flashlight, which might become useful if you’ve not reached your basecamp before nightfall.
For those wondering how you configure some of the more complicated aspects, that’s all done through a smartphone app. So, if you want to change those, you’ll need to bring a smartphone, which somewhat undermines the function of the RugOne Xlink 7.
Advertisement
One impressive detail about this device is all the supporting hardware that comes in the box, which includes long and short Velcro straps, a sports armband, a magnetic belt clip, a lanyard and a Bluetooth-connected talk button.
Design score: 3.5/5
RugOne Xlink 7: Hardware
Multi-person communication
ASR1609S SoC
1,050mAh cell battery
Available in ‘Sports Black’ or ‘Sand Dune’, the RugOne Xlink 7 has some interesting twists on the normal 4G communication model.
These include the ability to have group conversations between three Xlink 7, with each call limited to 10 minutes, or with three connected up to 30 minutes.
Advertisement
Where I’m slightly confused is that in some literature, three users are mentioned, and in others, up to five people can talk. But since I only received two of these to test, I can ascertain which number is correct.
That said, the idea of five people on the same line just sounds like a recipe to step on other people’s speaking, so if it only supports three people, it might be more practical.
The platform that this was built on is the ASR1609S, a cost-effective, high-performance 4G LTE IoT baseband processor manufactured by ASR Microelectronics.
This SoC is a single ARM Cortex-R5 core running at 614 MHz, integrating a modem, Bluetooth 5.2, GNSS, power management, 8GB PSRAM, and 8GB Flash in a single assembly.
Advertisement
Positioning comes from a combination of GPS, GLONASS and Beidou, and an emergency SOS mode is triggered by five rapid presses of the action button. That sounds like a loud siren to alert others nearby, automatically calls pre-set emergency contacts and shares a live location through the companion app.
For hikers, cyclists and lone workers, this is arguably a bigger selling point than the group calling itself. But this again assumes that everyone wearing one of these devices is also conveniently carrying their phone.
(Image credit: Mark Pickavance)
RugOne quotes up to 87 hours of standby, 24 hours of typical use, or 10 hours of continuous talk time from the 1,050mAh cell. Those are manufacturer figures rather than independently measured ones, and if you are on the edge of cell service, you might find the battery wears out faster than expected.
I can’t be overly critical of the hardware, since it was made to both fit inside the limited confines of the RugOne Xlink 7 but also to do a specific job that isn’t as general as you might expect from a Smartphone SoC.
Advertisement
But, this SoC didn’t include the technology for PTT-type communications without 4G, which is unfortunate, since most mobile phones can do that trick, and would last longer on battery than the Xlink 7 can.
(Image credit: RugOne)
RugOne Xlink 7: Final verdict
The RugOne Xlink 7 is a difficult call, since I don’t think there is anything inherently wrong with the hardware or the design, except possibly how shouty the AI is.
That said, I strongly suspect that this design was originally intended to support conventional or mesh wireless technology alongside 4G functionality, until someone realised that might affect future income from SIM sales.
Advertisement
What we ended up with is a walkie-talkie that’s useless when you’re away from cell service, which is problematic. Given that lots of cheaper devices will work anywhere without 4G, it brings into question whether the RugOne Xlink 7 is the right product for you.
While I accept that most walkie-talkies can’t link two people on different continents, most can connect those people 100M apart on a mountain or in a jungle, and that’s not a guarantee with this hardware.
RugOne need to put Zello-compatible wireless in the Xlink 8, and make the price significantly more competitive.
Advertisement
Should I buy a RugOne Xlink 7?
Swipe to scroll horizontally
Oukitel WP66 Score Card
Attributes
Notes
Rating
Value
Advertisement
Affordable, but compared with other walkie-talkies, it is on the pricey side.
3/5
Design
A compact and rugged puck that can be carried in numerous ways
Advertisement
3.5/5
Hardware
Efficient SoC and 1,050mAhbattery, but needs 4G network to talk
There’s an interesting thing about retrocomputing — the moment that you realize your 25-year-old machine can do almost everything your average person uses a computer for. The problem is that the average person mostly uses a computer as an internet appliance, and the big missing piece for most old machines is hooking up to the modern internet. HTTPS is good to have, but isn’t so easy to implement when your browser gets megabytes of RAM instead of gigabytes.
That’s why MacSurf by [mplsllc] is so interesting, especially version 2.0 just released-– its explicit goal is to get as much of the modern web onto an OS 9 equipped PowerPC Macintosh as physically possible.
Before you get too excited– no, you won’t be hitting up YouTube.com or even GitHub. That’s just too big and bloated now, even if you can get past the HTTPS hurdle. You will, however, be able to access, say MacintoshGarden.org, whose out-of-order HTTPS certificates sent the last version for a tizzy. The forums at 68kMLA work, and threads load quickly thanks to the as-needed image loading added this version.
Advertisement
Other nice things added include a proper history and bookmark manager. There’s still no tab support, but have you seen the modern web? You’re not fitting more than one webpage into RAM on a G3 no matter how hard you try. You can, however, download the web browser directly from the http-only MacSurf.org homepage.
A tribute to venture capitalist S. “Soma” Somasegar before the Sounders FC match. (GeekWire photo/John Cook0
The Seattle Sounders paused before Thursday night’s rivalry match against the Portland Timbers to honor one of their own.
Before the match at Lumen Field, the club paid tribute to S. “Soma” Somasegar, the longtime Microsoft executive, Madrona venture capitalist and Sounders minority owner who died in May at age 59. Fans stood in silence as Somasegar’s image appeared on the stadium video boards.
Somasegar joined the Sounders ownership group in 2019, part of a wave of Seattle tech leaders — including Microsoft CEO Satya Nadella — who bought in that year.
After his death, the club said Somasegar viewed sports as a way to bring people together, and credited him and his wife, Akila, with strengthening the Sounders and Seattle Reign communities.
GeekWire chronicled the outpouring of tributes after Somasegar’s death, as colleagues, founders and friends remembered the former Microsoft executive and venture capitalist for his humility, generosity and commitment to helping others succeed.
During his 27 years at Microsoft, he helped lead the company’s developer tools business before spending more than a decade at Madrona, where he backed and advised a new generation of cloud and AI startups.
Apple’s lawsuit against OpenAI is full of astonishing accusations and details, with Apple alleging it uncovered a pattern of theft of Apple’s trade secrets. Apple’s complaint mostly points the finger at a few ex-Apple employees that now work at OpenAI, the maker of ChatGPT.
OpenAI has faced quite a number of lawsuits lately on how it does business, but Apple’s suit brings a different twist. If this case goes to trial, it could reveal the secret hardware that OpenAI has long teased. A trial could seek damages if Apple’s work is being used to help develop some sort of rival AI device. Would a lawsuit spill the beans on a device — or several devices — before OpenAI is ready to launch?
Advertisement
Watch this: Apple vs. OpenAI: These Lawsuit Details Are Wild
This week’s episode of One More Thing, embedded above, goes into the juicy details of the suit and what happens next. OpenAI CEO Sam Altman says he’s not afraid of Apple, but maybe he should be. Taking rivals to court is part of the Apple playbook, and the company knows how to do it well.
The fight could also drag in a few famous Apple faces. Apple’s former design chief, Jony Ive, is now working on making AI gadgets for OpenAI. That means Apple lawyers might call to the stand the former designer of the iPhone, to see if he used information stolen from Apple. (Awkwaaard.)
For more One More Thing, subscribe to our YouTube page to catch Bridget Carey breaking down the latest Apple news and issues every Friday.
ABC News reports that White House teleprompter operator Gabriel Perez allegedly made more than $100,000 betting on Kalshi markets tied to what President Trump would say in speeches, using his access to prepared remarks and last-minute edits. ABC News reports: According to the sources, Kalshi alerted its regulator, the Commodity Futures Trading Commission (CFTC), to the suspicious activity on its “Mentions” market, where users can bet on whether specific words, phrases or topics are uttered during a public speech. “Our surveillance team promptly flagged and referred these trades to the CFTC, and we are cooperating and assisting regulators,” Kalshi’s head of enforcement, Bobby DeNault, said in a statement provided to ABC News.
White House Press Secretary Karoline Leavitt told reporters Thursday afternoon, following ABC News’ report, that Perez has been put on unpaid administrative leave. Leavitt said she spoke with President Trump about it, and he thought it was a “disgrace” and made the decision himself to put Perez on unpaid leave. Leavitt said she was unaware of any other White House staffers who have made such trades. “The White House has strict ethics guidelines that we expect all staffers and officials to follow,” said White House spokesperson Davis Ingle when contacted by ABC News.
In addition to February’s State of the Union address, sources said CFTC investigators discovered that Perez placed bets on more than a dozen Trump speeches over a three-month period, including a December primetime address, a January speech at the World Economic Forum in Davos, Switzerland, and Trump’s remarks in March during a Medal of Honor ceremony.
The US Treasury sanctioned First VPN Service for aiding ransomware gangs
Complying with the sanctions, the .ME registry wrongly suspended Telegram’s entire t.me domain
The domain was restored roughly 19 hours later after Telegram CEO Pavel Durov flagged the issue online
If you clicked a Telegram link on Monday and stared at a blank screen, you weren’t alone. Every shortlink starting with ‘t.me’ suddenly vanished from the global internet, breaking group invites, profile shares, and channel links for roughly a billion users worldwide.
But the outage wasn’t caused by a technical glitch or a targeted cyberattack. Instead, it was the unintended collateral damage of a US government crackdown on a cybercriminal proxy network.
On July 13, the US Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the administrators of a rogue proxy network called First VPN Service (1VPNS), aiming to cut off infrastructure used by ransomware operators.
As part of the new sanctions, the US Treasury published a list of web addresses associated with the VPN. Buried in that list was a link to First VPN’s public Telegram support channel: t.me/FirstVPNService.
A sledgehammer to crack a nut
(Image credit: Photo by Fred TANNEAU / AFP via Getty Images)
Because top-level domains operate under strict international compliance rules, domain registrars must act quickly when sanctioned entities use their infrastructure.
However, because a domain registry cannot selectively disable a specific webpage or channel path — like a single Telegram group — the Montenegro-based registry Domain.Me applied a “serverHold” status to Telegram’s entire t.me domain.
This sweeping action effectively erased the domain from the global Domain Name System (DNS). The core Telegram app continued to function, and the older telegram.me domain remained active, but the shortlinks the messaging platform is built upon went entirely dark.
Advertisement
The swift resolution
The sudden shutdown prompted immediate action from Telegram’s leadership.
Unaware of the backend domain hold, Telegram CEO Pavel Durov took to X to publicly ask the registrar for an explanation: “Hey @domainME, t.me links stopped working. Can you look into it?”
Hey @domainME, https://t.co/9z6UC2o37U links stopped working. Can you look into it? 🙏July 14, 2026
Once the sanctions issue was identified, Telegram scrubbed the offending channels from its platform. The registry operator subsequently verified the compliance and brought the domain back online.
Advertisement
“On 13 July, 1VPNS was included as a sanctioned entity by the US Department of the Treasury. A Telegram channel using the t.me domain was among 1VPNS identified infrastructure. Accordingly, the t.me domain was suspended,” domain.Me confirmed in a statementfollowing the outage.
The registrar clarified that normal service resumed roughly a day later, after Telegram provided confirmation that it had removed its links and affiliations with 1VPNS. “We appreciate Telegram’s prompt cooperation in resolving this matter,” domain.Me added.
While the outage is now resolved, the incident highlights a glaring vulnerability in the modern web, where a single URL swept up in a government sanctions list can inadvertently silence an essential communication channel for millions.
What just happened? European Union regulators are forcing Google to change how Android handles artificial intelligence, ordering the company to open up the operating system and its search data to competing AI services. Under a binding decision announced on Thursday, Google must grant rival AI assistants the same system-level access that its Gemini assistant enjoys on Android phones in the bloc. The move is intended to prevent Google from using Android’s vast reach to tilt the fast-growing AI market in its favor and to ensure that competing services have a fair opportunity to reach users.
The stakes are high. Android powers about 60% of smartphones in the European Union, and AI companies see those devices as the primary gateway for turning chatbots into everyday assistants. The deeper a service is integrated into a device – reading the screen, handling messages, and interacting with other apps – the more useful it becomes. That is precisely the layer of control EU officials are now trying to open up.
Regulators said Google will have to place rival AI services on “equal footing” with Gemini. That includes access to voice commands, system search, and the ability to perform actions in other apps, such as ordering a ride, replying to a text message, or pulling up information about a place a user recently visited. The changes must be implemented by next July.
The order also extends beyond the operating system. By January, Google will have to begin sharing anonymized search data with competing services, including developers of AI chatbots. The goal is to give those rivals access to more of the behavioral signals that help improve search and assistant products without exposing individual users.
Advertisement
Google has not said whether it will challenge the ruling in court. Instead, the company has warned that the EU’s demands could create new risks.
“Today’s decisions risk undermining vital privacy and security safeguards for millions of Europeans,” Kent Walker, Google’s general counsel, said in a statement. Google argues that allowing third-party developers to access sensitive data stored on a person’s smartphone or in their search history could weaken the protections built into its products.
European officials see it differently. The bloc has long taken a tough stance toward large technology platforms, and it views artificial intelligence as the next gateway to digital services. In their view, allowing a handful of companies to control the main AI assistants built into phones, browsers, and operating systems would entrench those players and shut out competitors.
The legal basis for the ruling is the Digital Markets Act, a competition law that applies to gatekeeper companies such as Google and Apple. The DMA requires them to make their products interoperable so that outside developers can offer competing AI assistants alongside – or instead of – built-in options such as Google’s Gemini and Apple’s Siri.
Advertisement
That requirement is already causing friction. In June, Apple said it would withhold new AI features for Siri in the European Union because it could not reach an agreement with regulators. As a result, iPhone users in the bloc will not receive the same Siri upgrades that Apple plans to roll out elsewhere, at least for now.
At the same time, some AI companies are trying to sidestep the mobile platform issue entirely by developing their own hardware. Last year, OpenAI hired Jony Ive, Apple’s former chief designer, to lead work on new AI-centric devices. The goal is to create products in which an AI assistant serves as the primary interface, rather than one that operates within another company’s operating system.
That partnership is now under strain. Last week, Apple sued OpenAI, accusing the company of stealing trade secrets. OpenAI has denied the allegations.
Microsoft restored streamer Joshua Khane’s 25-year-old Xbox and OneDrive account after it was compromised by a hacker and then suspended, putting years of personal data, baby photos, and thousands of dollars in games at risk. IGN reports: While he was “extremely happy” and thanked Microsoft for its help recovering his account and all the invaluable information therein, he levied some criticisms toward the brand for its initial response, claiming it had told him the suspension was “irreversible” at first. “It’s unfortunate that such a big company can bring back your account if you ask them to,” he said. “The way it all went, to me, is a little bit shady, because it’s not that they can’t bring back your account — they won’t bring back your account if you’re a nobody.”
Khane credited the community for making his story go viral and bringing it to Microsoft’s attention, but felt that without their help, he would have been up a creek without a paddle. He also tied the situation to the growing conversation surrounding digital ownership, comparing it to Sony’s decision to stop printing physical game discs starting January 2028.
A newly discovered strain of macOS malware is taking social engineering to an unsettling new level. Instead of exploiting a software vulnerability or silently stealing information in the background, it simply refuses to let you use your Mac until you type in your login password.
Dubbed ClickLock, the malware repeatedly shuts down key macOS processes, disables notifications, displays convincing Apple password prompts, and effectively traps users in a loop that only ends when the correct password is entered. Once that happens, it doesn’t just steal the password. It goes after browser data, cryptocurrency wallets, saved credentials, password managers, and much more.
A BleepingComputer reports states researchers at Group-IB say the malware has already infected at least 100 systems across 33 countries since May. Even more worrying, when it was first uploaded to VirusTotal in June, none of the security engines on the platform flagged it as malicious.
ClickLock doesn’t hack your Mac. It hacks you.
Unlike many modern malware campaigns that rely on zero-day exploits or privilege escalation vulnerabilities, ClickLock succeeds through psychological pressure. The infection is believed to begin with a ClickFix-style attack, where users are tricked into copying and pasting a command into Terminal under the guise of completing a Cloudflare “human verification” check. While a fake verification progress bar keeps the victim distracted, the malware quietly downloads its payloads in the background.
Advertisement
At the same time, it disables keyboard interrupts, hides the Terminal cursor, and suppresses macOS Notification Center alerts for nearly six hours, making it much harder for victims to realise something suspicious is happening.
Representative ImageUnsplash
The malware’s most disturbing feature comes next. It displays what appears to be a legitimate macOS password dialog complete with the user’s real account name and Apple branding. If the victim enters the correct system password, ClickLock immediately validates it and sends the credentials to the attackers through Telegram.
If the user refuses, the malware doesn’t give up. Instead, it installs persistence mechanisms that reactivate after the next login. Once triggered, ClickLock begins killing critical macOS processes every 210 milliseconds, including Finder, Dock, Terminal, Activity Monitor, Console, System Settings, Spotlight, and even popular web browsers.
The result is a Mac that appears almost completely unusable, leaving only the password prompt visible on screen. According to Group-IB, this loop can continue for more than 83 hours, or until the victim finally gives in.
It wants far more than your password
The login password is only the beginning. ClickLock also attempts to trick victims into approving a genuine Keychain access prompt that grants permission to Chrome’s Safe Storage key. That key can later be used to decrypt stored passwords, cookies, and autofill information from Chromium-based browsers.
Advertisement
The malware’s data-stealing module casts an exceptionally wide net. It targets browser profiles from Chrome, Firefox, Brave, Microsoft Edge, Opera, Vivaldi, Arc and Chromium, harvesting saved passwords, cookies, bookmarks, browsing sessions, local storage and autofill information.
Cryptocurrency users face an even greater risk. ClickLock searches for browser wallet extensions, desktop wallet files, encrypted wallet vaults and cached wallet addresses across major blockchain ecosystems including Bitcoin, Ethereum-compatible chains, Solana, TRON, TON and Stacks.
Representative ImageUnsplash
It also collects FileZilla FTP configurations, shell history, basic system information and public IP addresses before compressing everything into ZIP archives and uploading the stolen data through the Telegram Bot API. To ensure attackers maintain long-term access, ClickLock deploys a modified version of the open-source GSocket tool, creating a persistent backdoor capable of remotely controlling the infected Mac. Unlike the malware’s other components, which delete themselves after execution to minimise forensic evidence, this backdoor remains active on the system.
The stealth techniques don’t end there. Researchers say the malware is hosted on compromised but otherwise legitimate websites, helping it evade reputation-based security systems. Its payloads also remove themselves after execution, leaving very few traces behind. Despite that, Group-IB says defenders can still spot suspicious behaviour by watching for repeated password dialog boxes generated through osascript, continuous termination of macOS processes, mass access to browser profile folders and unusual outbound connections to Telegram.
The biggest takeaway, however, is surprisingly simple. If a website ever asks you to open Terminal and paste a command to prove you’re human, close the page immediately. No legitimate website, including Cloudflare, requires Terminal access for human verification. And if your Mac suddenly becomes unusable while repeatedly demanding your system password, resist the urge to comply. Instead, force a shutdown using the power button, restart in Safe Mode, and investigate the system before entering any credentials. In ClickLock’s case, your password isn’t solving the problem. It’s exactly what the attackers are waiting for.
You must be logged in to post a comment Login