• Microsoft warns dangerous PipeMagic backdoor is being disguised as ChatGPT desktop app - here's what we know

    From TechnologyDaily@1337:1/100 to All on Tuesday, August 19, 2025 15:15:09
    Microsoft warns dangerous PipeMagic backdoor is being disguised as ChatGPT desktop app - here's what we know

    Date:
    Tue, 19 Aug 2025 14:05:00 +0000

    Description:
    The familiarity of a popular GitHub project is being abused to deploy a
    highly modular backdoor framework, Microsoft warns.

    FULL STORY ======================================================================
    Microsoft saw a modified version of a GitHub project carrying malware
    The malware can serve as both a backdoor and an infostealer
    The group behind it was seen deploying encryptors, too

    Microsoft has warned of a fake ChatGPT desktop application circulating online that actually carries a highly modular malware framework serving as both an infostealer and a backdoor.

    In an in-depth report, Microsoft said it observed the framework, which it dubbed PipeMagic, originating from a GitHub project.

    "The first stage of the PipeMagic infection execution begins with a malicious in-memory dropper disguised as the open-source ChatGPT Desktop Application project," the report reads. "The threat actor uses a modified version of the GitHub project that includes malicious code to decrypt and launch an embedded payload in memory."

    A handful of victims

    The malware is the work of a threat actor known as Storm-2460, which
    Microsoft also flagged in early April 2025 abusing a zero-day vulnerability
    in the Common Log File System to deploy the RansomEXX encryptor.

    In this case, while the group abused the same flaw (CVE-2025-29824), Microsoft did not state which encryptor was deployed. PipeMagic seems to have evolved, since the earlier report described it as a simple backdoor trojan.

    Now, it's described as a highly modular malware framework that allows threat actors to execute payloads dynamically, maintain persistent control, and communicate stealthily with command-and-control servers. It can manage encrypted payload modules in memory, perform privilege escalation, collect extensive system information, and execute arbitrary code through its linked list architecture.

    PipeMagic also supports encrypted inter-process communication via named pipes and can self-update by receiving new modules from its C2 infrastructure.

    While Microsoft said the number of victims was limited, it did not discuss concrete numbers. The targets were observed in the United States, across Europe, South America, and the Middle East. Most targeted industries include IT, financial, and real estate.

    To mitigate the threat, Microsoft recommended a layered defense strategy, which includes enabling tamper protection and network protection in Microsoft Defender for Endpoint and running endpoint detection and response in block mode, among other things.
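    The following PowerShell audit script is an added example, not code from the TechRadar article or from Microsoft's report. It checks the three Defender for Endpoint controls the mitigation paragraph names and turns on the one that can be set locally. It assumes a Windows host with the Defender PowerShell module (Get-MpComputerStatus, Get-MpPreference, Set-MpPreference) and an elevated session for the remediation step; the check names and the interpretation of AMRunningMode are this example's own.

```powershell
# Added audit script, not from the article or from Microsoft's report.
# Assumes the Defender PowerShell module is present and the session is elevated
# for the Set-MpPreference call at the end.

$status = Get-MpComputerStatus
$prefs  = Get-MpPreference

# EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit mode.
$networkProtectionOn = ($prefs.EnableNetworkProtection -eq 1)

# AMRunningMode reads 'EDR Block Mode' only when Defender AV is the secondary
# engine (a third-party AV is primary) and block mode is switched on in the
# Defender portal. With Defender AV as the active engine it reads 'Normal',
# which is the expected state; 'Passive Mode' without block mode is the gap.
$edrBlockOrActiveAv = ($status.AMRunningMode -in @('Normal', 'EDR Block Mode'))

$checks = [ordered]@{
    'Tamper protection enabled'            = [bool]$status.IsTamperProtected
    'Real-time protection enabled'         = [bool]$status.RealTimeProtectionEnabled
    'Network protection in block mode'     = $networkProtectionOn
    'EDR block mode or active Defender AV' = $edrBlockOrActiveAv
}

foreach ($name in $checks.Keys) {
    $state = if ($checks[$name]) { 'OK  ' } else { 'GAP ' }
    Write-Output ("{0} {1}" -f $state, $name)
}
Write-Output ("      AMRunningMode = {0}" -f $status.AMRunningMode)

# Network protection is the one control here that can be switched on locally;
# tamper protection and EDR block mode are managed from the Defender portal or Intune.
if (-not $networkProtectionOn) {
    Set-MpPreference -EnableNetworkProtection Enabled
    Write-Output 'Network protection set to Enabled (block mode).'
}
```

    Run it from an elevated PowerShell prompt on each endpoint, or push it through your management tooling and collect the GAP lines; a 'GAP' on tamper protection or the running-mode check cannot be fixed by this script and needs to be resolved in the Defender portal.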



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-warns-dangerous-pipemagic-backdoor-is-being-disguised-as-chatgpt-desktop-app-heres-what-we-know


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)