ShiftDelete.net
FOLLOW US

Hackers target businesses in Asia and Saudi Arabia with PipeMagic Trojan

Cybercriminals exploit a fake ChatGPT app designed to lure victims, while embedding a backdoor that extracts sensitive data

cybersecurity, Kaspersky, malware, PipeMagic, backdoor attack, fake ChatGPT, corporate security breach

Kaspersky’s Global Research and Analysis Team (GReAT) recently exposed a new cyberattack campaign utilizing the dangerous PipeMagic Trojan. The attack specifically targets businesses, starting in Asia and spreading to organizations in Saudi Arabia. Cybercriminals exploit a fake ChatGPT app, designed to lure victims, while embedding a backdoor that extracts sensitive data and allows remote access to compromised devices.

The malicious software serves as both a gateway and a launching pad for additional malware attacks on corporate networks. Disguised as a legitimate application built using the Rust programming language, the Trojan mimics genuine software to deceive unsuspecting users. Once launched, the app displays a blank screen but secretly unleashes an encrypted payload of 105,615 bytes.

PipeMagic Trojan uses advanced techniques

Kaspersky initially identified PipeMagic in 2022, noting its alarming potential to compromise organizations across various sectors. While the initial attacks remained limited to Asia, the recent resurgence of the Trojan in Saudi Arabia demonstrates the expansion of the threat. The malware now uses advanced techniques, including memory allocation and obfuscation of Windows API functions, to evade detection and successfully infiltrate systems.

PipeMagic’s uniqueness lies in its ability to create a pipe structure, specifically named in the format \\.\pipe\1.<hex string>, and continuously generate, read, and destroy the pipe threads. These pipes allow the Trojan to receive encoded payloads and block local interface signals. Frequently, the malware interacts with command-and-control (C2) servers hosted on Microsoft Azure, from which it downloads additional modules for further exploitation.

Android users beware! Trojan detected in five apps

Android users beware! Trojan detected in five apps

Anatsa, a trojan, has been detected in five antivirus apps on the Google Play Store. So, which apps are they?

Sergey Lozhkin, Kaspersky’s GReAT Security Research Leader, highlighted the evolving nature of cybercriminal strategies. “Cybercriminals adapt to reach more efficient targets, as seen in PipeMagic’s expansion from Asia to Saudi Arabia. We expect an increase in attacks using this backdoor,” Lozhkin warned.

Kaspersky urges organizations to adopt comprehensive cybersecurity measures, including downloading software from official sources, enhancing endpoint protection, and conducting cybersecurity training for employees to combat phishing and other social engineering techniques.

backdoor attack
corporate security breach
CyberSecurity
fake ChatGPT
kaspersky

SDN Comments 0 Comments

Comment

Related News

2024 Nobel Prize in Physics goes to fathers of AI
2024 Nobel Prize in Physics goes to fathers of AI
Days before the launch: The design of vivo X200 Pro has been officially shared!
Days before the launch: The design of vivo X200 Pro has been officially shared!
vivo X200 comes with a huge battery
vivo X200 comes with a huge battery
Samsung is preparing to pull the plug on its popular model!
Samsung is preparing to pull the plug on its popular model!

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio