Computers running Windows have recently become the target of a new attack by hackers. Cybercriminals are using a trick to infect devices with the GHOSTPULSE virus. Here’s what you should pay attention to.
Cybercriminals are using a new method to infect computers using application installation files. The problem affects Windows users who want to purchase popular software.
Viruses hidden in Chrome, Edge and Brave – beware of fake installers
Hackers have started using MSIX files. This is still a fairly new format used for packaging and installing files for various applications. It is designed to improve reliability and optimize installation space. However, the innovation has already been used for nefarious purposes: MSIX files infected with malware began to appear on the Internet.
Elastic Security Labs experts warn that unknown attackers have begun distributing installers that pose as popular programs but also install viruses on the system. The infected files included MSIX packages of popular applications such as Google Chrome, Microsoft Edge, Brave, Grammarly and Cisco Webex.
“MSIX requires access to purchased or stolen code signing certificates. This makes this method only beneficial for hacking groups with above-average resources,” says Joe DeSimone, a security researcher at Elastic Security Labs.
GHOSTPULSE – virus installation collector
If we accidentally download an infected installer and open the file, the GHOSTPULSE virus may end up on our system. Getting it onto the system is not the last step for the hackers. This is the so-called bootloader – the program acts as a foot in the door and installs further viruses on the compromised system.
Once launched, GHOSTPULSE may install a number of other malware families. Experts note SectopRAT, Rhadamanthys, Vidar, Lumma and NetSupport RAT. Some of them are remote access programs that allow an attacker to take control of your computer and access your data. Others make it possible to quickly extract information or execute malicious code.
Antivirus software should detect the threat under the YARA rule name “Windows.Trojan.GhostPulse”. So far, we do not know the number or targets of attacks using the new method, or even the hacker group behind the latest MSIX campaign. There are many signs that the hackers may be financially motivated.
Source: Wprost
I am George Brown, author at Daily News Hack. I mostly cover economy news and I have been doing this for quite some time now. I have a lot of experience in this field and I’m always looking for new opportunities to learn more.