Friday, March 29, 2024

GHOSTPULSE and that’s it. Hackers attack Windows


Computers running Windows have recently become the target of a new attack by hackers. Cybercriminals are using a trick to infect devices with the GHOSTPULSE virus. Here’s what you should pay attention to.

Cybercriminals are using a new method to infect computers using application installation files. The problem affects Windows users who want to purchase popular software.

Viruses hidden in Chrome, Edge and Brave – beware of fake installers

Hackers have started using MSIX files. This is still a fairly new format used for packaging and installing files for various applications. It is designed to improve reliability and optimize installation space. However, the innovation has already been used for nefarious purposes: MSIX files infected with malware began to appear on the Internet.

Elastic Security Labs experts warn that unknown attackers have begun distributing installers that pose as popular programs but install viruses on the system. The malicious packages included MSIX files posing as popular applications such as Google Chrome, Microsoft Edge, Brave, Grammarly and Cisco Webex.

“MSIX requires access to purchased or stolen code signing certificates. This makes this method only beneficial for hacking groups with above-average resources,” says Joe DeSimone, a security researcher at Elastic Security Labs.
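A signed package is therefore not proof of origin; what matters is who signed it. The following added example (not from the article or from Elastic Security Labs) reads an MSIX package, which is a ZIP container, and compares the Publisher in its AppxManifest.xml with a publisher you have verified for the product the installer claims to be. The allow-list entry, the publisher strings and the sample package are constructed placeholders, and the code does not validate the signature cryptographically.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.microsoft.com/appx/manifest/foundation/windows10"}
# Hypothetical allow-list (placeholder value): product -> publisher subject you have verified.
EXPECTED_PUBLISHERS = {"chrome": "CN=Verified Vendor Placeholder"}


def triage_msix(data: bytes, claimed_product: str) -> dict:
    """Read an MSIX package (a ZIP container) and list reasons to distrust it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = set(pkg.namelist())
        if "AppxSignature.p7x" not in names:  # signature file of a signed package
            findings.append("no AppxSignature.p7x: package is unsigned")
        if "AppxManifest.xml" not in names:
            return {"publisher": None, "findings": findings + ["no AppxManifest.xml"]}
        root = ET.fromstring(pkg.read("AppxManifest.xml"))
    identity = root.find("m:Identity", NS)
    publisher = identity.get("Publisher") if identity is not None else None
    display = root.findtext("m:Properties/m:DisplayName", default="", namespaces=NS)
    expected = EXPECTED_PUBLISHERS.get(claimed_product.lower())
    if expected is None:
        findings.append(f"no verified publisher on file for {claimed_product!r}")
    elif publisher != expected:
        # Signed is not the same as signed by the vendor the installer claims to be.
        findings.append(f"publisher {publisher!r} does not match verified {expected!r}")
    return {"publisher": publisher, "display_name": display, "findings": findings}


def build_sample(publisher: str, signed: bool = True) -> bytes:
    """Constructed in-memory package for the demo; not a real installer."""
    manifest = (
        f'<Package xmlns="{NS["m"]}">'
        f'<Identity Name="SampleBrowser" Publisher="{publisher}" Version="1.0.0.0"/>'
        "<Properties><DisplayName>Google Chrome</DisplayName></Properties></Package>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxManifest.xml", manifest)
        if signed:
            z.writestr("AppxSignature.p7x", b"constructed placeholder, not a signature")
    return buf.getvalue()


if __name__ == "__main__":
    fake = build_sample("CN=Unrelated Signer Placeholder")
    print(triage_msix(fake, "chrome"))
```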

GHOSTPULSE – a loader that installs further viruses

If we accidentally download an infected installer and open the file, the GHOSTPULSE virus may end up on our system. Getting it onto the machine is not the hackers' last step. GHOSTPULSE is a so-called loader: the program acts as a foot in the door and installs further viruses on the compromised system.

Once launched, GHOSTPULSE may install several other malware families. Experts list SectopRAT, Rhadamanthys, Vidar, Lumma and NetSupport RAT. Some of them are remote access programs that allow attackers to take control of the computer and access its data. Others allow them to quickly extract information or execute malicious code.

Antivirus products should detect the threat under the YARA rule name “Windows.Trojan.GhostPulse”. So far, we do not know the number or targets of attacks using the new method, or the hacker group behind the latest MSIX campaign. There are many signs that the hackers may be financially motivated.

Designed by: Krzysztof Sobiepan
Source: Technical radar

Source: Wprost
