RSS aggregator

Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op

The Register - Anti-Virus - 18 April, 2024 - 12:15
Police emit Spotify Wrapped-style videos to let crims know they're being hunted

Feature  Cops have brought down a dark-web souk that provided cyber criminals with convincing copies of trusted brands' websites for use in phishing campaigns.…

Category: Viruses and Worms

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

Kaspersky Securelist - 18 April, 2024 - 12:00

Introduction

In February 2024, we discovered a new malware campaign targeting government entities in the Middle East. We dubbed it “DuneQuixote”, and our investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions (regular droppers and tampered installer files for a legitimate tool named “Total Commander”), carried malicious code to download an additional payload in the form of a backdoor we call “CR4T”. While we identified only two CR4T implants at the time of discovery, we strongly suspect the existence of others, which may be completely different malware.

The group behind the campaign took steps to prevent collection and analysis of its implants and implemented practical and well-designed evasion methods both in network communications and in the malware code.

Initial dropper

The initial dropper is a Windows x64 executable file, although there are also DLL versions of the malware sharing the same functionality. The malware is developed in C/C++ without utilizing the Standard Template Library (STL), and certain segments are coded in pure Assembler. All samples contain digital signatures, which are, however, invalid.

Upon execution, the malware initiates a series of decoy API calls that serve no practical purpose. These calls primarily involve string comparison functions, executed without any conditional jumps based on the comparison results.

Useless function calls

The strings specified in these functions are snippets from Spanish poems. These vary from one sample to another, thereby altering the signature of each sample to evade detection using traditional detection methodologies. Following the execution of decoy functions, the malware proceeds to construct a structure for the necessary API calls. This structure is populated with offsets of Windows API functions, resolved utilizing several techniques.

Initially, the malware decrypts the names of essential Windows core DLLs using a straightforward XOR decryption algorithm. It employs multiple decryption functions to decode strings, where a single function might decrypt several strings. However, in our analysis, we observed samples where each string was decrypted using a dedicated function, each employing a slightly varied decryption algorithm.

String decryption algorithm

Once the necessary strings have been decrypted, the malware uses a standard technique for dynamically resolving API calls to obtain their memory offsets by:

  • retrieving the offset of the Process Environment Block (PEB);
  • locating the export table offset of kernel32.dll;
  • identifying the offset for the GetProcAddress function.

In the process of obtaining the PEB offset, the malware first decrypts the constant 0x60, which is used to locate the PEB64 structure. This approach is of particular interest because, typically, malicious samples or shellcode utilizing this technique opt for a hardcoded plain text constant value for this purpose.

Getting PEB structure offset

Next, the malware begins to populate the previously created structure with the offsets of all required functions.

The dropper then proceeds to decrypt the C2 (Command and Control) address, employing a unique technique designed to prevent the exposure of the C2 to automated malware analysis systems. This method involves first retrieving the filename under which the dropper was executed, then concatenating this filename with one of the hardcoded strings from Spanish poems. Following this, the dropper calculates the MD5 hash of the concatenated string, which is then used as a key for decrypting the C2 string.

C2 decryption algorithm

Following the decryption of the C2 string, the malware attempts to establish a connection with the C2 server using a specifically hardcoded ID as the user agent to download the payload. During our research of the C2 infrastructure, we found that the payload remains inaccessible for download unless the correct user agent is provided. Furthermore, it appears that the payload may only be downloaded once per victim or is only available for a brief period following the release of a malware sample into the wild, as we were unable to obtain most of the payload implants from active C2 servers.

Once the payload is downloaded into the process’s memory, the dropper performs a verification check for the “M” (0x4D in hexadecimal) magic byte at the start of the memory blob. This check likely serves to confirm that the payload has an MZ file signature, thereby indicating it is a valid executable format.

Total Commander installer dropper

The Total Commander installer dropper is created to mimic a legitimate Total Commander software installer. It is, in fact, the legitimate installer file, but with an added malicious file section (.textbss) and a modified entry point. This tampering results in invalidating the official digital signature of the Total Commander installer.

The installer dropper retains the core functionality of the initial dropper but with several key differences. Unlike the original dropper, it omits the use of Spanish poem strings and the execution of decoy functions. It also implements a series of anti-analysis measures and checks that prevent a connection to C2 resources, if any of the following conditions are true:

  • a debugger is present in the system;
  • known research or monitoring tools are among running processes;
  • explorer.exe process has more than two instances;
  • any of the following processes are running:
    • “python.exe”
    • “taskmgr.exe”
    • “procmon.exe”
    • “resmon.exe”
    • “eventvwr.exe”
    • “process_hacker.exe”
  • less than 8 GB RAM available;
  • the position of the cursor does not change over a certain timeframe;
  • disk capacity is less than 40 GB.

If any of the anti-analysis checks fail, the malware returns a value of 1. This specific return value plays a role in the decryption of the C2 server address. It triggers the removal of the first “h” from the beginning of the C2 URL (“https“), effectively changing it to “ttps“. As a result, the altered URL prevents the establishment of a connection to the C2 server.
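The tampering described at the start of this section (an added .textbss section and an entry point moved into it) can be checked statically from the PE headers alone. The following is an added triage example, not code from the report: the function names and the header-only sample images are constructed for illustration, and signature validation is a separate check not covered here.

```python
import struct

SUSPECT_SECTION = ".textbss"  # section name this report gives for the added code


def parse_pe(data):
    """Return (entry_point_rva, sections) read from the headers of a PE image."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\x00\x00":
            raise ValueError("missing PE signature")
        coff = pe_off + 4
        _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
        sections = []
        for i in range(n_sections):
            name, vsize, vaddr, raw_size, _ = struct.unpack_from(
                "<8sIIII", data, opt + opt_size + 40 * i)
            sections.append({"name": name.rstrip(b"\x00").decode("latin-1"),
                             "vaddr": vaddr, "vsize": vsize, "raw_size": raw_size})
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return entry_rva, sections


def triage(data):
    """Flag the two header traits the report attributes to the tampered installer."""
    entry_rva, sections = parse_pe(data)
    entry_section, findings = None, []
    for s in sections:
        span = max(s["vsize"], s["raw_size"])
        if s["vaddr"] <= entry_rva < s["vaddr"] + span:
            entry_section = s["name"]
        # An empty .textbss can come from MSVC incremental-link builds, so the
        # name alone is weak; on-disk content in that section is what stands out.
        if s["name"] == SUSPECT_SECTION and s["raw_size"] > 0:
            findings.append(".textbss carries raw data on disk")
    if entry_section == SUSPECT_SECTION:
        findings.append("entry point is inside .textbss")
    elif entry_section is None:
        findings.append("entry point is outside every section")
    return {"entry_section": entry_section, "findings": findings}


def build_sample(entry_rva, sections):
    """Constructed input: PE32+ headers only, no code. (name, vaddr, vsize, raw_size)."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)        # PE32+ magic
    struct.pack_into("<I", opt, 16, entry_rva)   # AddressOfEntryPoint
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, raw_size,
                    0x400, 0, 0, 0, 0, 0x60000020)
        for name, vaddr, vsize, raw_size in sections)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + table


# Constructed header-only images for the three cases worth telling apart.
CLEAN = build_sample(0x1000, [(".text", 0x1000, 0x5000, 0x5000),
                              (".rdata", 0x6000, 0x1000, 0x1000)])
TAMPERED = build_sample(0x9120, [(".text", 0x1000, 0x5000, 0x5000),
                                 (".rdata", 0x6000, 0x1000, 0x1000),
                                 (".textbss", 0x9000, 0x3000, 0x3000)])
INCREMENTAL_BUILD = build_sample(0x11500, [(".textbss", 0x1000, 0x10000, 0),
                                           (".text", 0x11000, 0x2000, 0x2000)])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("tampered", TAMPERED),
                         ("incremental build", INCREMENTAL_BUILD)):
        print(label, triage(image))
```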

Memory-only CR4T implant

The “CR4T” implant is designed with the primary goal of granting attackers access to a console for command line execution on the victim’s machine. Additionally, it facilitates the download, upload, and modification of files. The malware carries a PDB string in its code:

"C:\Users\user\Desktop\code\CR4T\x64\Release\CR4T.pdb"

That’s why we dubbed it “CR4T”.

Upon execution by the dropper, the implant initiates a cmd.exe process in a hidden window and establishes two named pipes to enable inter-process communication. It then configures the user agent for communication with the C2 server, embedding the hardcoded value “TroubleShooter” as the user agent name for requests to the C2.

User-agent string

After that, the implant retrieves the computer name of the infected host as well as the username of the current user. Then it establishes a connection to the C2 server. This session provides interactive access to the command line interface of the victim’s machine via the earlier mentioned named pipes. Commands and their outputs are encoded using Base64 before being sent and decoded after receiving.

After establishing the connection, the implant remains idle, awaiting an initial command from the C2 operator to activate the required functionality. This command is represented by a one-byte value, each one mapped to a specific action on the infected system. These single character commands would likely make more sense for an English-speaking developer/operator than a Spanish-speaking one, i.e. “D” == Download, “U” == Upload (where a Spanish speaker might use “Cargar”).

| Command | Functionality |
|---|---|
| 'C' (0x43) | Provide access to the command line interface via a named pipe. |
| 'D' (0x44) | Download file from the C2 |
| 'U' (0x55) | Upload file to the C2 |
| 'S' (0x53) | Sleep |
| "R" (0x52) | Exit process |
| "T" (0x57) | Write to a file (T here possibly stands for a file-write task) |

During our investigation, we discovered evidence of a PowerShell file that had been created using the “T” command:

"powershell -c \"Get-ScheduledTask | Where-Object {$_.TaskName -like 'User_Feed_Sync*' -and $_.State -eq 'Running'} | Select-Object TaskName\"

The threat actor was observed attempting to retrieve the names of all scheduled tasks on the infected machine beginning with “User_Feed_Sync“. These scheduled tasks were probably created by the Golang version of CR4T for persistence purposes.

Memory-only Golang CR4T implant

We also discovered a Golang version of the CR4T implant, which shares similar capabilities with the C version and has a similar string related to the internal naming:

"C:/Users/user/Desktop/code/Cr4tInst/main.go"

This variant provides a command line console for interaction with infected machines, as well as file download and upload capabilities. It also possesses the functionality to execute commands on the victim’s machine. A notable difference of this version is its ability to create scheduled tasks using the Golang Go-ole library. This library leverages Windows Component Object Model (COM) object interfaces for interacting with the Task Scheduler service.

CR4T using go-ole library

The malware is also capable of achieving persistence by utilizing the COM objects hijacking technique. And finally, it uses the Telegram API for C2 communications, implementing the public Golang Telegram API bindings. All the interactions are similar to the C/C++ version.

Infrastructure

The infrastructure used in this campaign appears to be located in the US at two different commercial hosters.

| Domain | IP | First seen | ASN |
|---|---|---|---|
| commonline[.]space | 135.148.113[.]161 | 2023-12-16 23:20 | 16276 |
| userfeedsync[.]com | 104.36.229[.]249 | 2024-01-10 07:27 | 395092 |

Victims

We discovered victims in the Middle East, as per our telemetry, as early as February 2023. Additionally, there were several uploads to a semi-public malware scanning service at a later stage, more specifically starting on December 12 2023, with more than 30 submissions of the droppers in the period up to the end of January 2024. The majority of these uploads also originated from the Middle East. Other sources we suspect to be VPN exit nodes geo-located in South Korea, Luxembourg, Japan, Canada, Netherlands and the US.

Conclusions

The “DuneQuixote” campaign targets entities in the Middle East with an interesting array of tools designed for stealth and persistence. Through the deployment of memory-only implants and droppers masquerading as legitimate software, mimicking the Total Commander installer, the attackers demonstrate above average evasion capabilities and techniques. The discovery of both C/C++ and Golang versions of the CR4T implant highlights the adaptability and resourcefulness of the threat actors behind this campaign.
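The network and host traits named in this report (the two C2 domains, the “TroubleShooter” user agent and scheduled tasks beginning with “User_Feed_Sync”) can be turned into a simple hunt. This is an added example, not part of the original report: the proxy log layout, the function names and every sample line are constructed for illustration, and the domains stay defanged in the source and are refanged only at run time.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from this report.
C2_DOMAINS = ["commonline[.]space", "userfeedsync[.]com"]
IMPLANT_USER_AGENT = "TroubleShooter"
TASK_PREFIX = "User_Feed_Sync"

# Assumed log layout: timestamp, client IP, method, URL or host:port, "User-Agent".
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def refang(indicator):
    return indicator.replace("[.]", ".").lower()


def host_is_c2(host):
    """Match the apex or any subdomain, but not lookalikes that merely end the same."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in map(refang, C2_DOMAINS))


def hunt_proxy(lines):
    """Return (line_number, client_ip, reasons) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        _, client, _, target, user_agent = match.groups()
        if "://" not in target:          # CONNECT lines carry host:port only
            target = "//" + target
        try:
            host = urlsplit(target).hostname or ""
        except ValueError:               # malformed authority, nothing to match
            host = ""
        reasons = []
        if host_is_c2(host):
            reasons.append("c2-domain")
        if user_agent.strip() == IMPLANT_USER_AGENT:   # exact value, not substring
            reasons.append("implant-user-agent")
        if reasons:
            hits.append((number, client, reasons))
    return hits


def hunt_tasks(task_names):
    """Return scheduled task names whose leaf name starts with the reported prefix."""
    prefix = TASK_PREFIX.lower()
    return [n for n in task_names if n.rsplit("\\", 1)[-1].lower().startswith(prefix)]


# Constructed sample data (addresses, paths and subdomain labels are made up).
D0, D1 = (refang(d) for d in C2_DOMAINS)
SAMPLE_PROXY_LOG = [
    f'2024-02-01T08:00:01Z 10.0.4.17 GET https://sub.{D0}/a "TroubleShooter"',
    f'2024-02-01T08:00:05Z 10.0.4.22 CONNECT {D1.upper()}.:443 "Mozilla/5.0"',
    f'2024-02-01T08:00:09Z 10.0.4.30 GET https://not{D0}/ "Mozilla/5.0"',
    '2024-02-01T08:00:12Z 10.0.4.31 GET https://example.org/ "TroubleShooter"',
    '2024-02-01T08:00:15Z 10.0.4.40 GET https://example.org/ "Mozilla/5.0 TroubleShooterPro"',
]
SAMPLE_TASKS = [
    "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
    "\\User_Feed_Sync_01",
    "user_feed_sync-a",
    "My_User_Feed_Sync",
]

if __name__ == "__main__":
    for hit in hunt_proxy(SAMPLE_PROXY_LOG):
        print("proxy", hit)
    for name in hunt_tasks(SAMPLE_TASKS):
        print("task", name)
```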

Indicators of Compromise

DuneQuixote Droppers

Domains and IPs

11 top productivity tips for Microsoft Edge

Computerworld.com [Hacking News] - 18 April, 2024 - 12:00

We live and work in browsers. It’s where we spend most of our time — and it’s where we waste most of our time as well. Web browsing is slow, inefficient, and full of time-sapping annoyances.

But it needn’t be that way. You can turn your browser into a lean, mean productivity machine. To do it, just follow these eight tips for Microsoft Edge (the Chromium version, not the legacy one) in Windows 10 or 11. You’ll learn how to switch between home and work profiles; put idle tabs to sleep to speed up your PC and increase battery life; use Edge’s Collection capabilities, perhaps the best productivity-enhancing browser feature of all time; and more.

(Note that these tips are written for Edge in version 23H2 of Windows 11 and version 22H2 of Windows 10; things may be slightly different if you use a different Windows version.)

So let’s get started — time’s a-wasting, and so is your productivity.

1. Switch between work and personal profiles

As work-from-home and remote work models become more common, many people use the same device for work and personal use. When it comes to using a web browser, that can quickly become problematic.

Mixing work and personal favorites makes it far more difficult to quickly get to important work websites or personal websites. When you’re working, you don’t want to wade through hundreds of links to family photos, vacation destinations, and YouTube videos of cats befriending parrots when you’re just looking for the OSHA website about mine safety regulations. And when you’re off working hours and want to watch a video of a Persian cat nuzzling a cockatiel, a website detailing the GDPs of every country in Europe and Asia is not your primary destination.

Different profiles let you completely segregate your browser use. That doesn’t just mean different favorites. It also means different Collections, different extensions, different passwords, and more.

Each Edge profile is tied to a different Microsoft account. So to use different profiles, you’ll need to create different Microsoft accounts. To create a new Microsoft account in Windows 10 or 11:

  1. Go to https://account.microsoft.com. If you’re signed in to your account, click your profile icon or initials in the upper-right corner and select Sign out. Close Edge, restart it, and go back to https://account.microsoft.com/.
  2. Now click the Sign in button in the middle of the page. On the screen that appears, select the Create one! link, then follow the prompts to create a new account.

You’ve now got two different Microsoft accounts you can use for Edge. When you log into one of those accounts in Windows, that will be the default account that Edge will use when you browse the web.

To switch between the two accounts, you’ll need to add that second account to Edge. To do it:

  1. Click the three-dot icon at the top right of Edge, then select Settings > Profiles and click Add Profile at the top right of the screen.
  2. On the screen that appears, click Add. You’ll be sent to a web page in a new instance of Edge. Click “Add new account” and select “Sign in to sync data.”
  3. On the screen that appears, sign in and confirm that you want to proceed.

Once you’ve done that, you don’t have to log out of your current account and then log into the second account to use it in Edge. Instead, when you want to use the second account, click the three-dot icon at the top right of the Edge window and select Settings > Profiles. Your current profile appears at the top of the screen. To switch to your other profile, find it in the “More profiles” section at the bottom and click the Switch button next to it.

You’ll now be sent straight to that profile. When you do that, Edge will open in a new window. So you’ll have both your profiles running simultaneously, each with its own tabs, in two separate windows. (Note that you can set up multiple additional profiles, not just one additional one.)

To minimize distractions, set up work and personal profiles in Edge.


You can also tell Edge which profile to use when you visit certain websites. To do it, in Edge select Settings > Profiles > Profile preferences, and in the “Automatic profile switching” section, move the Account based profile switching slider to on. From now on, whenever you visit a new website, a screen will pop up asking which account you want to use to open it. The next time you visit the site, Microsoft will remember which profile you used to visit it previously and will automatically open it in that profile.

It’s worth exploring several other settings here that allow you to customize when to use which profile. For instance, you can tell Edge to automatically open pages that are part of your company’s intranet in your Work profile.

Should you decide you want to remove a profile, in Edge go to Settings > Profiles. Switch to the profile you want to remove. Click the three-dot icon next to the “Sign Out” button and select Remove. You can always add it again later by coming back to this page and clicking the Add Profile button at the top of the screen.

2. Use Collections to turbocharge productivity

If you use only one tip in this article, this should be it: Use Edge’s Collections feature for a big productivity boost. It’s probably the best browser productivity booster you’ll ever find.

Collections let you gather web pages, images, and portions of web pages into a sidebar and organize them by categories. You can also add notes to each of your collections. You can create different collections for each of your projects and store web-based research there. For example, you can set up collections for your budgets, for marketing research, or for just about anything to do with your work.

To use it, click the Collections icon, a + sign inside two squares with rounded corners, in the toolbar at the top right of the screen. The Collections pane opens on the right as a sidebar.

The first time you use Collections, it will automatically start four collections: Wishlist, Reading List, Video Playlist, and Cookbook. You can use any of those collections or select Create new collection at the top of the pane and type in a name. To add the web page you’re on to a collection, move your mouse pointer over the collection and click the Add current page icon (a plus sign) that appears.

You can also add images and selected text or sections of web pages by dragging them to your collection. To add a note, go to a collection, click the three-dot icon that appears when you hover over the item you want to add a note to, then click Add note to item or Add note after item. You can also save the URL of an image on the web to the note.

The Collections feature is Edge’s best productivity booster.


You can also add web pages to a collection without opening the Collections pane. Right-click on a neutral area of the page and in the pop-up menu that appears, select Add page to Collections and choose the collection you want to add it to or start a new one. You can add images and selected text to a collection the same way.

You can also easily delete collections so that you don’t get overwhelmed by your research. It’s ideal not just for long-term research, but for short-term research for only a day or two, which you’ll then delete.

3. Get to your most-used sites quickly

Bookmarking and organizing favorites is a great way to manage a large collection of websites, but it’s not that useful if you simply want to get to a frequently used site quickly. Edge has some tricks up its sleeve if you want to get your most-used sites pronto.

Add a site to the new tab page

When you open a new tab in Edge, a page appears that shows you news and other items you might be interested in. It’s easy to pin a site to this page so it’s accessible whenever you open a new tab.

Look toward the top of the page, just underneath the search box. If you don’t see icons for pinned pages (such as for Yahoo, Amazon, your inbox, and so on), click the Quick Links down arrow underneath the search box on the right. (If you don’t see the down arrow, click the gear icon at the far right, and in the Quick Links area of the panel that appears, click Off and change it to 1 row.)

A row of site icons appears, along with a + icon. Click the + icon and type or paste in the name and URL of the site you want to pin, then click Add. The site will now appear along with the other pinned pages.

Pinning a site keeps it handy on the new tab page.


You can rename or remove any site pinned to the new tab page by clicking the three-dot icon next to the site icon and selecting Rename or Remove from the menu that appears.

Pin tabs to the top of Edge

For even faster access to frequently used sites, you can pin them as browser tabs so they appear at the far left of all your other tabs in Edge. When you’re on the site you want to pin as a tab in Edge, right-click its tab and select Pin tab from the menu that appears. The pinned tab will now appear to the left of all your open tabs.

The icon for the pinned tab looks smaller than all of your other tabs, and it will persist even after you shut down and restart Edge. If you have multiple pinned tabs, all of them will appear to the left of any non-pinned tabs.

Pin sites you often visit to the taskbar

For Windows users, the fastest way to access a frequently used site is to pin it to the Windows taskbar. That means it’s always visible (even when Edge isn’t running), and you can launch it with a single click.

When you’re on the site you want to pin, select the three-dot icon at the top right of the browser window and select More tools > Pin to taskbar. A small screen appears with a text box in it with the name of the site. Use the name provided or type a new name into the text box and click Pin.

4. Use the Edge sidebar

Edge has a narrow sidebar to the far right of the screen that you may not know about because it’s typically hidden and can be confusing to use. Some people have no use for it and keep it hidden, but others find it useful. If you haven’t tried it yet, you should give it a try.

If it’s hidden, you can reveal it by clicking the Copilot icon (Copilot is Microsoft’s generative AI chatbot) at the top right of the Edge app. When you do that, both the Edge sidebar and the Copilot pane appear. We’ll cover Copilot later in this article, so for now you’ll learn how to use the sidebar without Copilot.

To get rid of Copilot and keep the sidebar revealed, first click the “Always show sidebar” icon at the bottom right of the sidebar — it’s just above the Settings icon. Now click the X at the top of the Copilot pane. The pane will vanish, but the sidebar, a strip of icons running down the right edge of the app window, stays there.

The Edge sidebar offers quick access to a variety of useful tools, including a calculator, unit converter and translator, shown here.


Click an icon and a pane opens up for the corresponding app. For example, click the Tools icon (it looks like a small toolbox) and you’ll get a variety of useful tools, including a calculator, unit converter, translator, dictionary and more. Click the icon again and the pane vanishes.

There are also icons for opening Outlook, playing games, and more. (Check out the next tip for information about the Microsoft 365 sidebar pane.)

You can add more items to the sidebar by clicking the + icon below the main set of icons. A Customize pane appears where you can browse or search for apps such as Dropbox, Slack, Trello, and many others. When you have a new app open in the sidebar pane, its icon will appear just above the + icon. To keep the app’s icon in the sidebar, right-click it and select Pin to Sidebar.

If you don’t want the sidebar displayed, click the icon just above the Settings icon, and you’ll auto-hide the sidebar.

5. Use Edge as command central for Microsoft 365

Edge can be used as a kind of command central for working with the Microsoft 365 office suite, whether you’ve got a personal or a business version. Go to the Edge sidebar, as described in the previous tip, and click the six-sided multicolored icon. The Microsoft 365 pane appears.

Microsoft 365 apps are easily accessible from inside Edge.


The pane has icons for all of your Microsoft 365 applications, including Word, Excel, Teams, OneDrive, OneNote, and more. Click any icon to open the web version of that app in the main Edge window. It also shows files you’ve recently opened. Click any to open it in the main Edge window. You can filter the list of files by individual application, if you’d like. To see only Word files, for example, click the Word icon underneath the “Recent” heading.

Note that the files you see in the Microsoft 365 pane depend on which profile you’re logged into in Edge. If you’re logged in with your work profile, you’ll see the Microsoft 365 files you’ve been working on in your business version of M365. If you want to see your personal files, you’ll need to switch to your personal profile, as described in Tip 1.

6. Enlist a Copilot as you browse

As I mentioned earlier, you can also use Copilot, Microsoft’s genAI chatbot, from within Edge. Click the Copilot icon at the top right of Edge, and the Copilot pane appears. There’s a tremendous amount you can do with Copilot, and all of its uses are beyond the scope of this article. To learn more about what it can do and how to use it, see our story “7 ways to use Microsoft Copilot right.”

However, here’s one use designed specifically for web browsing: giving you information about the current web page you’re viewing. Copilot shows you information such as its rating from users, a bar chart representing total visitors to the site, analysis of where the visitors come from, and so on. To get to it, click the Insights tab at the top of the pane.

Use Copilot to get info about a website.


You can also get a summary of the web page you’re viewing (such as a news article or legal brief) by selecting the Generate page summary button in the middle of the Copilot pane. For details, see “7 ways to use Microsoft Copilot right.”

7. Put tabs to sleep to conserve system resources and boost battery life

Like most people, you likely keep multiple tabs open in Edge. That way, you can easily switch among the sites, web apps, and information important to you. It’s a great time-saver.

But it can also be a big memory and processor hog, which can slow down both your browsing and your other computing tasks. It needn’t be that way, though. You can put inactive tabs to “sleep” until you need them, freeing up resources, which will make your PC speedier and make its battery last longer, even when you have multiple tabs open. Microsoft claims that putting inactive tabs to sleep reduces memory use by an average of 32% and CPU use by an average of 37%.

Here’s how to do it:

  1. In Edge, click the three-dot icon on the upper right of the screen and select Settings > System and Performance.
  2. In the “Optimize Performance” section, move the slider to On next to Save resources with sleeping tabs.
  3. To change the length of time it takes to put an inactive tab to sleep, next to “Put inactive tabs to sleep after the specified amount of time,” click the drop-down arrow and select a time. Your choice is anywhere from 30 seconds to 12 hours.

Putting tabs to sleep can significantly reduce CPU and memory use.


To reawaken any tab that’s been put to sleep, simply click on it, and it will resume normal activity.

There’s a chance that some sites might not work properly after they’ve been put to sleep. If that happens to you, you can tell Edge never to put that site to sleep again. To do it, in the “Never put these sites to sleep” area, click the Add button and paste in the URL of any site you don’t want to sleep.

8. Reduce power use with efficiency mode

Browsers can be power hogs, especially if you have multiple tabs open and are playing videos and music in them. That can be a particular problem if you’re using a laptop that isn’t plugged into a power source.

In Edge, efficiency mode reduces the amount of system resources the browser uses, which extends your PC’s battery life. If you enable efficiency mode, it becomes active when your laptop is unplugged. Microsoft claims efficiency mode can give you on average an extra 25 minutes of battery life. To use it:

  1. In Edge, click the three-dot icon on the upper right of the screen and select Settings > System and Performance.
  2. In the “Optimize Performance” section, move the slider to On next to “Efficiency mode.”

You can get an extra 25 minutes of battery life with efficiency mode, Microsoft claims.


Note that if you’re using a desktop PC or your laptop is plugged in, there’s no need to use efficiency mode.

9. View and mark up PDFs

With Edge, there’s no need to launch a separate piece of software when you come across a PDF online or when you want to read and mark up one on your PC; its built-in PDF app is quite good. With it you can draw on and highlight sections of the PDF and erase the marks you made as well. So save yourself time and use Edge rather than third-party software.

You don’t need to do anything to read a PDF online. Simply click it, and by default it will launch in Edge’s reader. You’ll find the markup tools, including for drawing, highlighting, and erasing, in a toolbar towards the top of the screen. To open a PDF from your hard disk, when you’re in Edge, press Ctrl-O, then navigate to the PDF you want to open and click it.

Edge has a surprisingly useful PDF viewer with markup tools.


If you prefer to use your own PDF reader, even for PDFs found online, you might be annoyed that every time you click a PDF, it opens in Edge’s PDF reader. You can change that, though, by changing your default PDF reader.

In Windows Settings, select Apps > Default Apps and in the search box at the top of the screen just below “Set a default for a file type or link type,” type in .pdf. After you do that, the listing “Microsoft Edge Microsoft Edge PDF document” appears. Click it, and a screen appears showing you all the applications on your PC that can read PDFs. Select the one you want to use instead of Edge.

10. Use Edge’s one-click form filler

How many hours a week do you spend mindlessly filling out web forms — your office or home address, shipping address, email address, phone number, and credit card information? Wouldn’t it be nice to get that time back?

With Microsoft Wallet, built into Edge, you can do that. To use it, in Edge go to Settings > Profiles. In the Microsoft Wallet section, click Open Wallet and then click Home. You’ll see sections for adding a variety of information, such as for credit cards and other payment information, personal information, memberships, and so on. Click any item and type in the information you want to add.

Microsoft Wallet saves information that can be used to fill out forms online.

IDG

From now on, whenever you visit a web form, just click in a text box and your information will appear in a popup. Select it and the form will fill in. You can go back to Microsoft Wallet to change any information you want.

11. Save time with keyboard shortcuts

There’s a good chance you use keyboard shortcuts for some of your office applications, like Word and Excel — and you likely use some for Windows itself.

But when it comes to browsers, many people forgo the keyboard except when absolutely necessary. That’s too bad, because keyboard shortcuts are a big timesaver. So to improve your productivity, check out these keyboard shortcuts for Edge in Windows. (Mac users can generally substitute the Cmd key for Ctrl and the Opt key for Alt.)

For even more shortcuts, see Microsoft’s complete list of keyboard shortcuts for Edge.

Useful keyboard shortcuts in Microsoft Edge (key combination: task)

  • Ctrl-Shift-B: Show or hide the favorites bar
  • Ctrl-D: Add the current site to favorites
  • Alt-D or Ctrl-L: Select the URL in the Address bar
  • Ctrl-E or Ctrl-K: Open a search in the Address bar
  • Ctrl-F: Find on the current page
  • Ctrl-R: Reload the current page
  • Ctrl-H: Open your History
  • Ctrl-M: Mute or unmute volume on the current tab
  • Ctrl-N: Open a new window
  • Ctrl-Shift-N: Open a new InPrivate window
  • Alt-F4 or Ctrl-Shift-W: Close the current window
  • Ctrl-T: Open a new tab and switch to it
  • Ctrl-W: Close the current tab
  • Ctrl-Tab: Switch to the next tab
  • Ctrl-Shift-Tab: Switch to the previous tab
  • Ctrl-+ (plus symbol): Zoom in
  • Ctrl-- (hyphen): Zoom out
  • Ctrl-P: Print the current page

This article was originally published in March 2021 and updated in April 2024.

Browsers, Microsoft Edge, Productivity Software
Category: Hacking & Security

The best Android app drawer enhancement you’ll ever make

Computerworld.com [Hacking News] - 18 April, 2024 - 12:00

When people ask me why I prefer Android over that (cough, cough) other mobile platform, the answer is a little complicated.

Sure, I like the diversity and different options Android affords me in terms of hardware — both with the more mundane, standard sorts of choices and the cutting-edge, adventurous form possibilities. And yes, as someone who very much lives and works within Google’s ecosystem, I enjoy the tighter integration of those services and the better all-around experience I have with them on Android.

I’ve generally never been a fan of Apple’s design style, either, and I find lots of things about the iOS interface to be clunky and awkward.

More than anything, though, these and other similar factors point to the same underlying principle — and what I think really gets at why I’ve been enamored with Android as both a writer and a user for some 16 years now: I appreciate the ability to make my phone work the way I want and the way that makes sense for my own personal style of working. From the hardware to the software and the rich app ecosystem around it, that’s something Android has always embraced and Apple has always resisted.

For me, the most important practical piece of that puzzle is having the ability to change defaults, install advanced efficiency apps, and customize practically every facet of my phone’s interface to make it as personalized and effective as possible for me — and, again, for my specific style of getting stuff done. And there’s no place where that advantage is more apparent than in my phone’s home screen and the associated elements that control how I get around my device each and every day.

I’m always thinking about ways I can optimize and improve my smartphone setup even further — because Android grants me endless opportunities to do so, and the platform’s community of creative developers embraces that ability and constantly comes out with clever new concepts.

And recently, dear reader, I had a revelation. It’s completely changed the way I use and get around my phone and eliminated tons of inefficiencies. And I’ve got a sneaking suspicion it might just do the same for you.

My Android app drawer epiphany

So first things first: You know about Android launchers, right?

Android launchers are a special category of apps on Android that let you replace your entire home screen environment with a totally different interface. It might be simpler, it might be more customizable, or it might just be a completely different and maybe even unusual kind of concept. There are all sorts of interesting options out there, and the power to choose and find a setup that makes sense for you is entirely in your hands.

For years now, I’ve been partial to a thoughtful and unconventional Android launcher called Niagara Launcher. It’s all about ergonomic efficiency, and I’ve found its model for helping you find what you need quickly and without distractions to be incredibly effective for the way I like to work.

A key part of that comes down to Niagara’s simple vertical lists for opening up apps. Your favorite apps are always in a single column at the left side of your home screen — a spot that’s extremely ergonomic for me, since I tend to hold my phone in my left hand and thus can access all of that easily even during single-handed use — and you then just swipe your finger up or down on either side of your screen to scroll through all of your installed apps whenever you need to find anything else.

My revelation is actually two-fold, all related to that Niagara app access concept. The first part is a totally new take on my home screen involving a different launcher where I’ve recreated that same core Niagara setup and injected a bunch of other advanced efficiency-enhancers into the equation — most of which are hidden out of sight, to maintain a minimal and distraction-free vibe, and accessible via a series of carefully conceived on-screen gestures.

The author’s highly optimized custom Android home screen, complete with a lovely ocean view.

JR Raphael, IDG

It’s quite the zesty stew of creative customization, every last detail of which I’ve shared in my Intelligence Insider Community for my fellow uber-nerds to enjoy and optionally even implement on their own (whether entirely or in selected bits and pieces) — including all of the uncommon touches and out-of-sight efficiency-optimizers I’ve worked weeks to refine and perfect.

Here, though, I want to focus on the second part of that revelation, and that’s all about the app drawer, specifically, and how I’m now finding and opening apps without the time-wasting traipsing that typically accompanies that.

My appreciation of the Niagara scrolling-letter-list model, y’see, led me to have the thought: “Hmm — what if I could recreate this same concept and take it up a notch by making it available not just on my home screen but from anywhere on my phone?”

After all, the most common action most of us take throughout the day is heading back to our home screen to open something. So what if I could cut out that middle-man step entirely and simply swipe along the side of my screen from anywhere to find and open what I want next — whether I’m in my email, my browser, my messages, whatever — without having to first head back to my home screen time and time again?

Being that this is Android and we’re granted the power to make our phones work the way we want them to work, that’s not only possible but also quite easy to accomplish. And — oh, yes — I’ve found the perfect way to make it happen.

The Android app drawer, unshackled

If you’ve been following my Android-scented ramblings for long, you’ve probably heard me rave about the sheer awesomeness of an app called Panels before.

Panels is the kind of app that could only exist on Android. As its name suggests, it lets you create custom panels that pop up when you perform specific gestures along the edges of your phone’s display — like swiping up or down in that area.

I’ve traditionally used Panels to provide easily accessible pop-ups for accessing Android widgets from anywhere. One swipe in a certain preset place, and boom: I can glance at the latest emails in my inbox or access my two-factor authentication codes no matter what else I’m in the midst of doing and without having to waste time going back to my home screen and then opening the associated app from there.

But Panels has another ability beyond those custom widget panels, and that’s giving you an on-demand app drawer you can summon from anywhere on your device.

It works a lot like my trusty old Niagara app list, too, with a simple swiping up and down to move through the list and find the exact app you need at any given moment.

But with Panels, critically, you don’t have to be on your home screen to access that interface. You can set up the app to show you the list as an overlay and effectively give you super-efficient access to your entire Android app drawer universally — with a simple side-of-screen swiping gesture that works on your home screen as well as within any other app or process.

Just one swipe up or down the side of your screen, aaaaand poof: There’s your entire Android app drawer — available in a neatly organized, efficiency-optimized list. You can swipe or tap to reach the letter you want or lean on the favorites to find apps you open often. And, most significantly, again: You can get to all of that from anywhere, without having to first fumble your way back to your home screen and waste countless seconds throughout the day. It essentially extends that part of your home screen throughout your entire device, which is a pretty awesome power to have.

The Android app drawer, optimized for efficiency and available from anywhere.

JR Raphael, IDG

Setting it up is surprisingly simple — and something you’ll only have to do one time:

  • First, download and install Panels from the Play Store.
  • Open the app and follow the prompts to allow it to send notifications and to display over other apps (two innocuous permissions that are legitimately required for the app to do what it needs to do).
  • Now, on the app’s main setup screen, tap “View.”
  • Tap the circular blue pencil icon in the lower-right corner of the screen that comes up next and tap “Delete / Reposition / Rename.”
  • Tap the trash can icon next to both “Apps and shortcuts” and “Widgets” — two sample panels that are present in the app by default but that you won’t need for these purposes.
  • That should leave you with only one remaining panel, called “App list.”

The all-important “App list” option within the Panels Android app.

JR Raphael, IDG

At this point, all that’s left is to think about if you want to have your on-demand app drawer available via a swipe on the left or the right side of your screen. I tend to hold my phone in my left hand, personally, so for me, swiping on the left side of the screen with my thumb is the easiest and most ergonomic gesture. If you hold your phone in your right hand, you might prefer using the right side.

Whichever you choose, make sure the “App list” item is in the appropriate place within that same menu we were just looking at. If you need to move it, press and hold on the right side of its line to drag it into whichever position you want, then tap “Apply.”

And take a deep breath: We’re almost done! At this point, all that’s left are the little details and some opportunities for even more advanced customization.

Some things to consider:

  • In the main “Panels” menu on that same settings screen, you may want to extend the length of the “Rows” option to make the list longer and allow it to take up the entire height of your screen without wrapping over to a second line.
  • Within that same menu, tapping “List settings” will reveal a series of options for determining if your on-demand app drawer shows recently opened apps, recently installed apps, and recently updated apps along with specific links to different sections of your system settings. You can also manually hide certain apps from the list and prevent ’em from showing up in the list at all, if you have some apps you don’t anticipate ever needing to access.
  • If you tap “Trigger” in the main menu selector at the bottom of the screen, you can change the width, height, and precise positioning of the part of your screen where the swipe gesture will be recognized. This may require a bit of experimentation to figure out the optimal placement for you. I like to keep the trigger zone fairly high up on the side of my screen, where (a) I’m unlikely to activate it on accident and (b) it’s easy to reach effortlessly near the spot where my thumb already tends to rest.
  • In that same “Trigger” menu, take note of the “Visible width” and “Invisible width” options. By default, Panels will put a thin colored line on the side of your screen to remind you where you can swipe to summon your app drawer. That’s fine if you like it — or if you want to have it there for a little while, until you get used to the idea of using this — but personally, I prefer setting that value to zero and leaving only the “Invisible width” present (meaning there’s no line or visible indication of the panel’s presence on my screen, and I just know where to swipe to find it).
  • And note, too, the “Prioritize the back gesture over the trigger” option. If you use Android’s gesture navigation, you’ll almost certainly want to activate that to avoid any conflicts.
  • Last but not least, under the “Colors” menu, you can customize the appearance of your panel, if you ever want to play around with that and do something different than the default.

And that, my fellow Android-adoring animal, is about it! Panels doesn’t require any manner of eyebrow-raising permissions, nor does the app collect any kind of personal data. It’s free to use with an optional in-app upgrade to remove some limitations, unlock extra options, and eliminate ads within the configuration interface (and note, if you’re a member of my Intelligence Insider club, you actually have a free lifetime upgrade to the full premium version of Panels as part of your Insider Perk Pack).

I hope you enjoy your new on-demand app drawer as much as I’m enjoying mine — and I hope its presence gives you a renewed appreciation for the choice, flexibility, and genuine practical benefits Android’s approach allows us, just as it has for me.

Android, Google, Mobile Apps, Productivity Software
Category: Hacking & Security

Newly discovered black hole in our galaxy is surprisingly large. It is 33× heavier than the Sun

Živě.cz - 18 April, 2024 - 11:45
Astronomers have discovered the largest stellar black hole in our galaxy. They named it Gaia-BH3 after the Gaia space telescope, with whose help it was detected. The mass of this black hole is 33× greater than the mass of our Sun. It is located in the constellation Aquarius at a distance of about 2000 light-years and is thus ...
Category: IT News

The new Atlas has actuators instead of hydraulics. Boston Dynamics laughs at Tesla and shows off its vision of a humanoid robot

Živě.cz - 18 April, 2024 - 10:45
A few days ago I wrote that Boston Dynamics is retiring the legendary robot named Atlas. I also wrote right away that I see it as the beginning of something new, and I had no idea that the new thing would come so soon… Three key messages: The new Atlas has no hydraulics, on which the original ...
Category: IT News

Why subscribe to Netflix? Perhaps for these films. All have dubbing or Czech subtitles

Živě.cz - 18 April, 2024 - 10:15
We have picked interesting, high-quality films that you can watch on Netflix. All of them have Czech support, meaning Czech subtitles and often Czech dubbing as well.
Category: IT News

All versions of Lunar Lake have 4 big and 4 small cores; they differ in clocks, cache and RAM

CD-R server - 18 April, 2024 - 10:00
The Lunar Lake mobile processors, which Intel has promised for this year, are to be configured with the full number (4+4) of cores. A lower combination is not planned for now; other parameters will set the models apart.
Category: IT News

A laptop with OLED and 16 GB of RAM has never been cheaper. You can get the Asus Vivobook 15 for 13 491 Kč

Živě.cz - 18 April, 2024 - 09:45
The Asus Vivobook 15 OLED with the ten-core Core i5-1235U chip and 16 GB of RAM usually costs around 16 thousand; at Alza it is now 14 990 Kč, but members of the AlzaPlus+ program can get it for just 13 491 Kč. However, this price applies only in Alza's mobile app, not on the web. AlzaPlus+ membership costs 59 Kč ...
Category: IT News

Cisco creates architecture to improve security and sell you new switches

The Register - Anti-Virus - 18 April, 2024 - 09:01
Hypershield detects bad behavior and automagically reconfigures networks to snuff out threats

Cisco has developed a product called Hypershield that it thinks represents a new way to do network security.…

Category: Viruses and Worms

Asus will pamper your eyes. Its monitor has 8K resolution, accurate colors and costs as much as a car

Živě.cz - 18 April, 2024 - 08:45
The ProArt Display PA32KCX is the top model in Asus's monitor lineup. With it, the company is targeting graphic studios and other creative fields that work with images requiring accurate colors. The new model measures 32 inches and has a resolution of 7680 × 4320 px at 60 Hz. The monitor uses an IPS panel with MiniLED backlighting and 4096 ...
Category: IT News

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

The Hacker News - 18 April, 2024 - 07:54
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an open-source platform that operates as a
Category: Hacking & Security

Memory prices are rising faster as a result of the earthquake

CD-R server - 18 April, 2024 - 07:40
Memory was already getting more expensive before the earthquake, because after a period of weak demand the warehouses sold out and demand now exceeds supply. However, the earthquake in Taiwan has further accentuated this trend…
Category: IT News

Singapore infosec boss warns China/West tech split will be bad for interoperability

The Register - Anti-Virus - 18 April, 2024 - 07:32
When you decide not to trust a big chunk of the supply chain, tech (and trade) get harder

One of the biggest challenges Singapore faces is the potential for a split between tech stacks developed and used by China and the West, according to the island nation's Cyber Security Administration (CSA) chief executive David Koh.…

Category: Viruses and Worms

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

The Hacker News - 18 April, 2024 - 06:48
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. "The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby
Category: Hacking & Security

Taiwanese film studio snaps up Chinese surveillance camera specialist Dahua

The Register - Anti-Virus - 18 April, 2024 - 05:30
Stymied by sanctions, it had to go … but where?

Chinese surveillance camera manufacturer Zhejiang Dahua Technology, which has found itself on the USA’s entity list of banned orgs, has fully sold off its stateside subsidiary for $15 million to Taiwan's Central Motion Picture Corporation, according to the firm's annual report released on Monday.…

Category: Viruses and Worms