Security researchers have uncovered PipeMagic, a sophisticated piece of malware disguised as a legitimate ChatGPT desktop application. This malware installs a modular backdoor, granting attackers prolonged access to compromised systems. Discovered during an investigation into a broader attack campaign leveraging a Windows vulnerability (CVE-2025-29824), PipeMagic takes advantage of unpatched systems, even after Microsoft issued a fix in April 2025. Associated with the group Storm-2460, this malware employs a unique modular structure, enabling dynamic communication with its command-and-control server and enhancing evasion tactics against traditional security tools. Although the number of affected organizations is currently limited, the combination of zero-day exploits and modular ransomware poses significant risks. To mitigate potential damage, Microsoft advises immediate application of the April 2025 security patch and activation of advanced security features in Microsoft Defender. This incident underscores a rising trend in cyber threats, where legitimate tools are exploited alongside advanced malware techniques, complicating enterprise detection and response efforts.