Corporate Employees Targeted by Vidar Malware
The purpose of Vidar malware is to infiltrate systems and deploy a payload to extract sensitive data.
Continue ReadingMalware
Scanners Turn Attack Vector as TrivyScanner Hijacked via GitHub Actions Tags
Attackers Targeted SSH keys, Cloud Tokens & API secrets in CI/CD Pipelines; Highlights Securing CI/CD Pipelines
In latest vulnerability discovery Aqua Security revealed HackerBot-claw bot hijacked 75 of 76 GitHub Actions tags for its Trivy vulnerability scanner. The HackerBot-claw first distributed credential-stealing malware through the widely used security tool for the second time in a one month.
Malicious code rode alongside legitimate scans, targeting SSH keys, cloud tokens and API secrets in CI/CD pipelines. Security researcher Paul McCarty was the first to warn publicly that Trivy version 0.69.4 had been backdoored, with malicious container images and GitHub releases published to users.
Attack module on Trivy
When it comes to workflow it has been observed that more then 10,000 GitHub workflow files rely on trivy-action. Attackers can leverage this pipeline and pull versions during the attack window which are affected and carry sensitive credentials exfiltrated.
Attackers compromised the GitHub Action by modifying its code and retroactively updating version tags to reference a malicious commit. This permitted data used in CI/CD workflows to be printed in GitHub Actions build logs and finally leaking credentials.
A self-propagating npm worm compromised 47 packages, extending the blast radius into the broader JavaScript ecosystem.
Aqua Security disclosed in a GitHub Discussion that the incident stemmed from incomplete containment of an earlier March 1 breach involving a hackerbot-claw bot.
- Attackers swapped the entrypoint.sh in Trivy’s GitHub Actions with a 204-line script that prepended credential-stealing code before the legitimate scanner.
- Lines 4 through 105 contained the infostealer payload, while lines 106 through 204 ran Trivy as normal.
- This made difficult to detect during routine scans.
TeamPCP preserved normal scan functionality to avoid triggering CI/CD failures as detection now will require cryptographic verification of commit signatures .
For defenders, traditional CI/CD monitoring, which watches for build failures or unexpected output, can no longer catch supply-chain compromises that deliberately maintain normal behavior.
Organizations relying on Trivy or similar open-source security tools are facing attacks from the very scanners meant to protect their pipelines can become the attack vector. Only cryptographic provenance checks can distinguish legitimate releases from poisoned ones.
As per security researchers once inside a pipeline, the malicious script scanned memory regions of the GitHub Actions Runner.
Github Compromise
The attack appears to have been accomplished via the compromise of the cx-plugins-releases (GitHub ID 225848595) service account, as that is the identity involved in publishing the malicious tags.
Credentials exfiltrated during the initial incident were used last week in a new supply chain attack that targeted not only the Trivy package but also trivy-action and setup-trivy, Trivy’s maintainers have confirmed in a March 21 advisory.
Key Findings b Wiz Research
- According to Wiz, the attack appears to have been carried out via the compromise of the “cx-plugins-releases” service account, with the attackers with malicious container images and GitHub releases published to users.
- The second stage extension is activated and the malicious payload checks whether the victim has credentials from cloud service providers such as GitHub, AWS, Google Cloud, and Microsoft Azure.
- When credentials if they are detected, it proceeds to fetch a next-stage payload from the same domain (“checkmarx[.]zone”).
“The payload attempts execution via npx, bunx, pnpx, or yarn dlx. This covers major JavaScript package managers,” Wiz researchers Rami McCarthy, James Haughom, and Benjamin Read said. “The retrieved package contains a comprehensive credential stealer.
Harvested credentials are then encrypted, using the keys as elsewhere in this campaign, and exfiltrated to ‘checkmarx[.]zone/vsx’ as tpcp.tar.gz.”
Conclusion: Aqua Security urged affected users to “treat all pipeline secrets as compromised and rotate immediately.”
Organizations that ran any version of trivy-action, setup-trivy, or Trivy v0.69.4 during the attack window should audit their CI/CD logs for unexpected network connections to scan.aquasecurtiy[.]org and check whether any tpcp-docs repositories were created under their GitHub accounts.
With three major tag-hijacking incidents in 12 months, Wiz security researcher Rami McCarthy recommended that organizations “pin GitHub Actions to full SHA hashes, not version tags.”
Critical YARA Vulnerability Exposes Linux Systems – Patch Now
Summary : YARA is an open-source pattern matching engine widely used by malware researchers, SOC teams, and threat intelligence platforms to identify and classify malware using detection rules. It plays a critical role in malware analysis pipelines, endpoint detection systems, and threat hunting operations.
Kamil Frankowicz discovered that a number of YARA’s functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service.
| OEM | Virus Total / YARA Project (Tool) |
| Severity | Critical |
| CVSS Score | 9.1 |
| CVEs | CVE-2021-3402, CVE-2021-45429, CVE-2019-19648, CVE-2018-19974, 2018-19975, 2018-19976 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Ubuntu has released a security advisory addressing multiple vulnerabilities in YARA that could allow attackers to cause denial-of-service conditions, disclose sensitive information, or potentially execute arbitrary code when processing specially crafted files or rules.
These vulnerabilities affect Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS depending on the specific issue. Organizations using YARA in security monitoring systems, malware sandboxes, or automated threat detection workflows should apply the security updates immediately.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score | Fixed Version |
| Mach-O Parser Overflow Read Vulnerability | CVE-2021-3402 | YARA | Critical | 9.1 | Updated Ubuntu packages |
| Mach-O File Parsing Out-of-Bounds Access | CVE-2019-19648 | YARA | High | 7.8 | Updated Ubuntu packages |
Technical Summary
The most critical vulnerability CVE-2021-3402 exists in the macho.c implementation used by YARA to parse Mach-O files.
The flaw allows specially crafted Mach-O files to trigger overflow reads, which could result in denial of service or potential information disclosure. Given its high CVSS score, this issue represents the most severe risk addressed in this advisory.
Another high-severity vulnerability CVE-2019-19648 affects the macho_parse_file() function. When parsing specially crafted Mach-O files, the function may trigger out-of-bounds memory access, potentially leading to application crashes or execution of malicious code in certain scenarios.
Because YARA is frequently integrated into malware analysis platforms and automated threat detection pipelines, successful exploitation could disrupt security monitoring operations or compromise malware analysis environments.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2021-3402 | YARA (Ubuntu 20.04) | Overflow read vulnerability in Mach-O parsing implementation | DoS, potential information disclosure |
| CVE-2019-19648 | YARA (Ubuntu 20.04) | Out-of-bound memory access during Mach-O file parsing | DoS or possible code execution |
Additional Vulnerabilities
The advisory also includes several medium-severity vulnerabilities affecting YARA components.
| CVE ID | Vulnerability Details | Impact |
| CVE-2021-45429 | Buffer overflow in yr_set_configuration() when parsing crafted rules | Denial of Service |
| CVE-2018-19976 | YARA virtual machine sandbox escape | Possible code execution |
| CVE-2018-19975 | VM sandbox escape vulnerability | Possible code execution |
| CVE-2018-19974 | Virtual machine security bypass | Possible code execution |
Potential Consequences
- Disruption of malware detection pipelines
- Denial of service in security analysis environments
- Information disclosure through crafted files
- Potential arbitrary code execution in analysis systems
- Reduced visibility in SOC threat detection workflows
Remediation
Upgrade affected packages immediately to the patched versions provided by Ubuntu are mentioning below-
Released patches
| Ubuntu Release | Package | Fixed Version |
| Ubuntu 20.04 LTS | libyara3 | 3.9.0-1ubuntu0.1 esm1 |
| yara | 3.9.0-1ubuntu0.1 esm1 | |
| Ubuntu 18.04 LTS | libyara3 | 3.7.1-1ubuntu2+esm1 |
| yara | 3.7.1-1ubuntu2+esm1 | |
| Ubuntu 16.04 LTS | libyara3 | 3.4.0+dfsg-2ubuntu0.1 esm1 |
| python-yara | 3.4.0+dfsg-2ubuntu0.1 esm1 | |
| python3-yara | 3.4.0+dfsg-2ubuntu0.1 esm1 | |
| yara | 3.4.0+dfsg-2ubuntu0.1 esm1 |
If immediate patching is not possible, apply the following temporary mitigations –
- Restrict scanning of untrusted files in automated YARA pipelines.
- Limit rule ingestion from untrusted sources.
- Monitor malware analysis systems for abnormal crashes.
- Limit exposure of YARA-based detection pipelines to untrusted Mach-O or .NET file inputs.
You can follow the recommendations below as the best practice.
- Regularly update malware detection tools.
- Validate YARA rules before deployment.
- Validate and sandbox file inputs before passing them to YARA for analysis.
- Implement least-privilege execution environments for YARA scanning processes.
- Monitor logs for abnormal process crashes or memory-related errors in YARA.
Conclusion:
Multiple vulnerabilities in YARA could allow attackers to disrupt malware detection processes or compromise analysis environments. The critical vulnerability CVE-2021-3402 and high-severity vulnerability CVE-2019-19648 pose the greatest risk and should be prioritized for remediation.
Organizations using YARA in SOC operations, malware analysis pipelines, or threat intelligence systems should apply the latest Ubuntu security updates immediately to maintain reliable threat detection capabilities.
References:
Chrome V8 Type Confusion Vulnerability Actively Exploited In The Wild
Summary : Security advisory: Google has released an urgent security update to patch two high-severity Type Confusion vulnerabilities in the V8 JavaScript engine. The CVEs vulnerabilities are CVE-2025-13223, CVE-2025-13224 .
| OEM | |
| Severity | High |
| CVSS Score | 8.8 |
| CVEs | CVE-2025-13223, CVE-2025-13224 |
| POC Available | No |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
One of these vulnerability (CVE-2025-13223) is already being actively exploited in the wild, allowing attackers to potentially execute arbitrary code through malicious web content. which attackers can bypass Chrome’s sandbox, steal sensitive data, or deploy malware. The fixes have been rolled out for Chrome Stable 142.0.7444.175/.176 across Windows, Mac, and Linux.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Type Confusion Vulnerability in V8 JavaScript Engine | CVE-2025-13223 | Google Chrome | High | v142.0.7444.175 / v142.0.7444.176 |
| Type Confusion Vulnerability in V8 JavaScript Engine | CVE-2025-13224 | Google Chrome | High | v142.0.7444.175 / v142.0.7444.176 |
Technical Summary
Both vulnerabilities occur from Type Confusion vulnerabilities in Chrome’s V8 engine, where incorrect data-type handling leads to memory corruption and possible code execution. The CVE-2025-13223 is already being exploited in the wild and may involve APT-driven activity.
Another vulnerability was found internally through Google’s Big Sleep fuzzing system as part of ongoing proactive defense.
These weaknesses can allow attackers to bypass browser security boundaries and execute malicious actions remotely. Urgent need for users and administrators to apply Chrome’s latest security updates immediately.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-13223 | Google Chrome (V8 Engine) | Type confusion due to improper type handling in V8 allowing memory corruption. | Remote Code Execution, Sandbox Escape |
| CVE-2025-13224 | Google Chrome (V8 Engine) | Type confusion triggered during script execution, discovered via fuzzing | Remote Code Execution, Browser Crash |
Remediation:
- Immediate Action: Users and organization administrators should update Chrome immediately to the following patched versions:
- Windows: 142.0.7444.175 / 142.0.7444.176
- MacOS: 142.0.7444.176
- Linux: 142.0.7444.175
Here are some recommendations below
- Enforce Chrome auto-updates on all endpoints via enterprise policies.
- Monitor browser crash logs and unusual behaviors tied to JavaScript execution.
- Run updated vulnerability & patch management tools to ensure full endpoint compliance.
- Educate users to avoid suspicious links and unknown websites during active exploitation events
Conclusion:
With Chrome being the most widely used browser globally, prompt updates are essential for the new security vulnerabilities. Maintaining browsers at the latest versions remains the strongest defenses against modern web-based attacks in modern cyber world.
References:
TP-Link Security Update, Omada Gateway Exploits Fixed in October Release
Summary: TP-Link’s October 2025 security updates fixes 4 vulnerabilities in its Omada Gateway devices, including multiple models commonly used in business networks.
| OEM | TP-Link |
| Severity | Critical |
| CVSS Score | 9.3 |
| CVEs | CVE-2025-6541, CVE-2025-6542, CVE-2025-7850, CVE-2025-7851 |
| Date of Announcement | 2025-10-21 |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview:
The vulnerabilities allow attackers to execute remote commands, even without authentication, potentially compromising systems. Some vulnerabilities also let authenticated users inject commands or gain root access, which could lead to traffic interception, configuration changes or malware installation. Security teams are advised to update firmware immediately, review network configurations and change passwords to reduce the risk of exploitation.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| OS Command Injection Vulnerability | CVE-2025-6542 | TP-Link Omada Gateways | Critical | 9.3 |
| Command Injection Vulnerability | CVE-2025-7850 | TP-Link Omada Gateways | Critical | 9.3 |
Technical Summary:
TP-Link Omada Gateways allows attackers to run arbitrary commands. The most critical one, CVE-2025-6542, a remote attacker can take full control of the device without logging in through the web interface. Another one allows logged-in users to inject commands and gain root access. The issues show the risks of exposed management portals. TP-Link recommends updating firmware, limiting network access and monitoring systems for any signs of attack.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-6542 | TP-Link Omada Gateways (ER605, ER7206, ER8411 & Others) | Unauthenticated remote attackers can execute arbitrary OS commands on the device | Remote Code Execution, System Compromise, Malware Deployment |
| CVE-2025-7850 | TP-Link Omada Gateways (ER7412-M2, ER7212PC, & Others) | Command injection exploitable after admin authentication on the web portal | System Compromise, Root-Level Control |
Additional Vulnerabilities:
The following high-severity vulnerabilities were also addressed in October 2025 TP-Link security updates for Omada Gateways –
| Vulnerability Name | CVE ID | Affected Component | Severity |
| Authenticated Arbitrary OS Command Execution in Omada Gateways | CVE-2025-6541 | TP-Link Omada Gateways | High |
| Root Shell Access Under Restricted Conditions in Omada Gateways | CVE-2025-7851 | TP-Link Omada Gateways | High |
Remediation:
Install the October 2025 firmware updates immediately via the TP-Link support portal to mitigate risks. Here is the below table with the updated version information for the models.
| Model | Affected Versions | Fixed Version |
| ER8411 | < 1.3.3 Build 20251013 Rel.44647 | >= 1.3.3 Build 20251013 Rel.44647 |
| ER7412-M2 | < 1.1.0 Build 20251015 Rel.63594 | >= 1.1.0 Build 20251015 Rel.63594 |
| ER707-M2 | < 1.3.1 Build 20251009 Rel.67687 | >= 1.3.1 Build 20251009 Rel.67687 |
| ER7206 | < 2.2.2 Build 20250724 Rel.11109 | >= 2.2.2 Build 20250724 Rel.11109 |
| ER605 | < 2.3.1 Build 20251015 Rel.78291 | >= 2.3.1 Build 20251015 Rel.78291 |
| ER706W | < 1.2.1 Build 20250821 Rel.80909 | >= 1.2.1 Build 20250821 Rel.80909 |
| ER706W-4G | < 1.2.1 Build 20250821 Rel.82492 | >= 1.2.1 Build 20250821 Rel.82492 |
| ER7212PC | < 2.1.3 Build 20251016 Rel.82571 | >= 2.1.3 Build 20251016 Rel.82571 |
| G36 | < 1.1.4 Build 20251015 Rel.84206 | >= 1.1.4 Build 20251015 Rel.84206 |
| G611 | < 1.2.2 Build 20251017 Rel.45512 | >= 1.2.2 Build 20251017 Rel.45512 |
| FR365 | < 1.1.10 Build 20250626 Rel.81746 | >= 1.1.10 Build 20250626 Rel.81746 |
| FR205 | < 1.0.3 Build 20251016 Rel.61376 | >= 1.0.3 Build 20251016 Rel.61376 |
| FR307-M2 | < 1.2.5 Build 20251015 Rel.76743 | >= 1.2.5 Build 20251015 Rel.76743 |
Here are some recommendations below
- Restrict network access to the management interface and enable trusted networks only.
- Apply least privilege principles and regular security audits for network devices.
- Disable remote management if not required and segment networks to limit lateral movement.
Conclusion:
There is no active exploitation noticed but organizations must prioritize firmware updates to prevent data breaches, malware and intrusions. Security teams should deploy updates immediately, enhance monitoring and implement mitigations to safeguard critical infrastructure.
References:
New Stealit Malware Campaign Leveraged VPN installers to Exploit Node.js as per Fortinet
Cyber criminals are installing Stealit malware campaign that leverages VPN installers to exploit Node.js’ Single Executable Application (SEA) features and distribute its payloads. In the past Stealit campaigns were built using Electron, an open-source framework that packages Node.js scripts as NSIS installers for distribution.
As per Fortinet cyber criminals deployed a new active Stealit malware campaign deploying via disguised applications.
Malware campaign are now designed and placed in such a way are mostly AI-generated, legitimate-looking code to infiltrate systems. These malwares can evade detection and gain persistent access to maximize disruption worldwide.
Researchers observed that filenames this malware is used and distributed as disguised installers for games and VPN applications. This was same as observed in previous campaigns.
How the campaign was devised?
First the cyber criminals gained initial access is gained via fake game and VPN installers bundled in PyInstaller and common compressed archives. Then uploaded to file-sharing sites such as Mediafire and Discord.
The threat actor then employed heavy obfuscation and numerous anti-analysis techniques to evade detection and complicate analysis.
Purpose of Stealit Campaign
The present situation are making attackers more desperate try to integrate these malware in games, demo s to make them appear legitimate. In some situations, the game might be real but one cannot deny presence of malware.
These files look safe, but they are designed to run code that steals credentials, drains cryptocurrency wallets, or takes over accounts.
In some cases, attackers slip the malware into an update after release so it’s not suspicious from the get-go. Other times, they redirect players off a storefront to an external download that evades platform checks.
When the malware binary was updated, Stealit has relocated its panel website to new domains. When reserachers first observed this campaign, the panel—also functioning as the Command-and-Control (C2) server—was hosted at stealituptaded[.]lol. As per researchers the domain quickly became inaccessible as the C2 server was moved to iloveanimals[.]shop.
Accessing the panel leads to a commercial website for Stealit, which promotes itself as offering “professional data extraction solutions” through various subscription plans.
A dedicated features page outlines its capabilities, highlighting typical remote access trojan (RAT) functionalities such as file extraction, webcam control, live screen monitoring, and ransomware deployment targeting both Android and Microsoft Windows systems. The site also features instructional videos that demonstrate how the service operates on each platform.
The website offers payment plans for the Windows and Android versions of the stealer, with lifetime subscriptions available for approximately $ 500 and $ 2,000, respectively.
The service also has a Telegram channel named StealitPublic, where they post updates and promotions to possible clients. The main contact person is a Telegram user with the handle @deceptacle.
Operators of the malware have also imbued the latest Stealit variant with heavily obfuscated code and comprehensive anti-analysis checks. Such findings were regarded by Bugcrowd Chief Strategy and Trust Officer Trey Ford as indicative of an evolving focused cyber campaign.
At the end we should remember that threat actors can time their campaigns for maximum effect and any time new content could appear and any hype paves way for “early access” invites much more believable.
We often or might encounter weather On Discord or Telegram, attackers rely on social engineering and compromise accounts by sending messages as ‘try our game” and subsequently that messages also reach friends.
Victims often trust the sender and install the file this extends the scam’s reach.
(Reference: https://www.fortinet.com/blog/threat-research/stealit-campaign-abuses-nodejs-single-executable-application)
Cyber Campaign by Hacker’s on Microsoft teams invites to execute “device code phishing” attacks
Microsoft Teams have been on top of prime targets by threat actors and this time a Cyber campaign by Storm-2372 a hacking group targeted Microsoft Teams, a platform where collaboration and meeting is most sought after while inviting for meeting and executing “device code phishing” attacks.
The cyber campaign targets governments, NGOs, IT services, defense, telecommunications, health, education, and energy sectors across Europe, North America, Africa, and the Middle East. Microsoft Threat Intelligence team has rounded up and hardened the Teams environment, with countermeasures and controls across identity, endpoints, and network layers.
“It should come as no surprise that if they can build a persona for social engineering, they will take advantage of the same resources as legitimate organizations, including custom domains and branding, especially if it can lend credibility to impersonating internal help desk, admin, or IT support,” Microsoft explains.
Prime Target of Hackers
The attack pattern reveal type of social engineering campaign, which often combines a traditional email spam campaign with Microsoft Teams-based manipulation.
The primary target of hackers is to use convincing pretexts to compromise targets through chat messaging or phone calls. But for actual compromise and initial access on Teams, hackers will need to deliver information-stealing malware, which leads to credential theft, extortion, and ransomware.
As Microsoft Team is popular it is also a carrier of Malware which are mostly information stealing. Microsoft noted the rise in email bombing (sending large volumes of emails) to create a sense of urgency.
Not one but many hacking groups have previously targeted Microsoft teams of which Russian hackers from Midnight Blizzard have been imitating security and tech support teams. The hackers urging targets to “verify their identities under the pretext of protecting their accounts by entering authentication codes.”
Microsoft noted the rise in email bombing (sending large volumes of emails) to create a sense of urgency. These emails prompt recipients to authenticate using the provided device code on Microsoft’s legitimate login page.
The threat actor targets the victim, allows him to complete authentication then intercepts the access and refresh tokens generated during the process.
(Image courtesy: Cybersecuritynews.com)
Threat Mitigation strategies:
- Any suspicious activity if detected, revoke user refresh tokens using revokeSignInSessions.
- Important to Enforce MFA and block risky sign-ins based on user behavior.
- FIDO tokens or passkeys instead of SMS-based MFA must be adopted
- Integrate streamlined monitoring and response with on-premises directories .
The attackers’ intent was to convince users to download the remote monitoring and management (RMM) tool, AnyDesk, which would give them initial access to the target environment with the ultimate aim of deploying ransomware.
Threat Actors Exploiting Microsoft Teams to Gain Remote Access & Transfer Malware
Security Advisory:
A new wave of social engineering attacks is exploiting Microsoft Teams, one of the most trusted enterprise collaboration platforms as a malware delivery channel.
Threat actors are impersonating IT support staff to trick employees into installing remote access tools and running malicious PowerShell scripts, enabling full compromise of victim environments.
This campaign represents an evolution beyond traditional phishing, weaponizing corporate communication channels that employees inherently trust. Once access is established, attackers deploy multifunctional malware loaders such as DarkGate and Matanbuchus, with capabilities for credential theft, persistence, lateral movement and ransomware deployment.
Technical Summary
Security researchers have observed financially motivated threat groups abusing Microsoft Teams chats and calls to impersonate IT administrators. Attackers create malicious or compromised Teams accounts often using convincing display names like “IT SUPPORT ” or “Help Desk Specialist” as looking like legitimate and verified account to initiate direct conversations with employees. The social engineering process typically follows this chain
Attack Process Source: permiso.io
It included the malware features
- Credential theft via GUI-based Windows prompts.
- Persistence using Scheduled Tasks (e.g. Google LLC Updater) or Registry Run keys.
- Encrypted C2 communications with hardcoded AES keys & IVs.
- Process protection via RtlSetProcessIsCritical, making malware harder to remove.
- Harvesting system info for reconnaissance and follow-on payloads.
The campaigns have been linked to threat actor groups such as Water Gamayun (aka EncryptHub), known for blending social engineering, custom malware and ransomware operations.
| Element | Detail |
| Initial Access | Direct messages/calls via Microsoft Teams impersonating IT staff |
| Social Engineering | Fake IT accounts with display names like “IT SUPPORT ✅” and onmicrosoft.com domains |
| Malicious Tools | QuickAssist, AnyDesk, PowerShell-based loaders (DarkGate, Matanbuchus) |
| Persistence | Scheduled Tasks (Google LLC Updater), Registry autoruns |
| Payload Features | Credential theft, system profiling, encrypted C2, remote execution |
| Target | Enterprise employees, IT professionals, developers |
| Objective | Credential theft, long-term access, ransomware deployment |
IOCs
Organizations are urged to block the following indicators immediately:
| Indicator | Type |
| https://audiorealteak[.]com/payload/build.ps1 | URL |
| https://cjhsbam[.]com/payload/runner.ps1 | URL |
| 104.21.40[.]219 | IPv4 |
| 193.5.65[.]199 | IPv4 |
| Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/7.0.500.0 Safari/534.6 | UA |
| &9*zS7LY%ZN1thfI | Initialization Vector |
| 123456789012345678901234r0hollah | Encryption Key |
| 62088a7b-ae9f-2333-77a-6e9c921cb48e | Mutex |
| Help Desk Specialist | User Display Name |
| IT SUPPORT | User Display Name |
| Marco DaSilva IT Support | User Display Name |
| IT SUPPORT | User Display Name |
| Help Desk | User Display Name |
| @cybersecurityadm.onmicrosoft.com | User Principal Name |
| @updateteamis.onmicrosoft.com | User Principal Name |
| @supportbotit.onmicrosoft.com | User Principal Name |
| @replysupport.onmicrosoft.com | User Principal Name |
| @administratoritdep.onmicrosoft.com | User Principal Name |
| @luxadmln.onmicrosoft.com | User Principal Name |
| @firewalloverview.onmicrosoft.com | User Principal Name |
Remediation:
- Strengthen Microsoft Teams Security
- Restrict external tenants and enforce strict access control on Teams.
- Implement anomaly detection for suspicious Teams account activity.
- Block installation of unauthorized remote access tools (QuickAssist, AnyDesk).
2. Enhance Endpoint & Network Defenses
- Monitor PowerShell execution with EDR/XDR solutions.
- Detect persistence artifacts (scheduled tasks, autorun keys, rundll32 activity).
- Block known IoCs at DNS/firewall levels.
3. Employee Awareness & MFA Security
- Train employees to verify IT support requests through independent channels.
- Warn staff against installing software via unsolicited Teams messages.
- Enforce multi-factor authentication (MFA) for all accounts.
Conclusion:
By shifting malware delivery into Microsoft Teams, attackers are exploiting a platform that enterprises inherently trust. The blending of social engineering with technical abuse of PowerShell and remote access tools makes this campaign particularly dangerous, enabling attackers to infiltrate organizations without relying on traditional email phishing.
Organizations must treat collaboration platforms as high-value attack surfaces not just communication tools. Strengthening monitoring, restricting external interactions and training employees to validate IT requests are critical to defending against this evolving threat.
References:
Deep Dive into AI Ransomware ‘PromptLock’ Malware
AI Ransomware ‘PromptLock’ uses OpenAI gpt-oss-20b Model for Encryption has been identified by ESET research team, is believed to be the first-ever ransomware strain that leverages a local AI model to generate its malicious components. As we Deep dive into AI Ransomware we discover the intricacies and challenges organizations face dure to AI ransomware.
The malware uses OpenAI’s gpt-oss:20b model via the Ollama API to create custom, cross-platform Lua scripts for its attack.
PromptLock is written in Golang and has been identified in both Windows and Linux variants on the VirusTotal repository and uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time.
ESET researchers have discovered the first known AI-powered ransomware. The malware, which ESET has named PromptLock, has the ability to exfiltrate, encrypt and possibly even destroy data, though this last functionality appears not to have been implemented in the malware yet.
PromptLock was not spotted in actual attacks and is instead thought to be a proof-of-concept (PoC) or a work in progress, ESET’s discovery shows how malicious use of publicly-available AI tools could supercharge ransomware and other pervasive cyberthreats.
“The PromptLock malware uses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes. PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption,” said ESET researchers.
New Era of AI Generated Ransomware
A tool can be used to automate various stages of ransomware attacks and the same can be said as AI-powered malware are able to adapt to the environment and change its tactics on the fly and warns of a new frontier in cyberattacks.
Its core functionality is different then traditional ransomware, which typically contains pre-compiled malicious logic. Instead, PromptLock carries hard-coded prompts that it feeds to a locally running gpt-oss:20b model.
As per researchers for its encryption payload, PromptLock utilizes the SPECK 128-bit block cipher, a lightweight algorithm suitable for this flexible attack model.
ESET researchers emphasize that multiple indicators suggest PromptLock is still in a developmental stage. For instance, a function intended for data destruction appears to be defined but not yet implemented.
Indicators of Compromise (IoCs)
Malware Family: Filecoder.PromptLock.A
SHA1 Hashes:
24BF7B72F54AA5B93C6681B4F69E579A47D7C102AD223FE2BB4563446AEE5227357BBFDC8ADA3797BB8FB75285BCD151132A3287F2786D4D91DA58B8F3F4C40C344695388E10CBF29DDB18EF3B61F7EF639DBC9B365096D6347142FCAE64725BD9F73270161CDCDB46FB8A348AEC609A86FF5823752065D2
Given LLMs’ success, many companies and academic groups are currently creating all kinds of models and constantly developing variants and improvements to LLM. In the context of LLMs, a “prompt” is an input text given to the model to generate a response.
The success rate is high so threat actors are leveraging these models for illicit purposes, making it easier to create sophisticated attacks like ransomware and evade traditional defenses. sale of models Now
By automating the creation of phishing emails, ransomware scripts, and malware payloads, LLMs allow less skilled attackers to conduct sophisticated campaigns.
For AI-powered ransomware
AI-powered ransomware is a challenging threat to organizations far and above older attack tactics adopted by cyber criminals. If organization’s basic defensive methods such as ensuring critical vulnerabilities are patched as soon as possible, network traffic is monitored and implementing offline backups applied on time.
How Intrucept helps Defend Against AI-Powered Ransomware
Analyzing threat by behavior allows for early detection and response to malware threats and alert generation,. This reduces the risk of data exfiltration.
Intru360
Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack. It also simplifies workflows by automatically handling alerts, allowing for faster detection of both known and unknown threats.
Identify latest threats without having to purchase, implement, and oversee several solutions or find, hire, and manage a team security analyst.
Unify latest threat intelligence and security technologies to prioritize the threats that pose the greatest risk to your company.
Here are some features we offer:
- Over 400 third-party and cloud integrations.
- More than 1,100 preconfigured correlation rules.
- Ready-to-use threat analytics, threat intelligence service feeds, and prioritization based on risk.
- Prebuilt playbooks and automated response capabilities.
Source of above graphics : Courtesy: First AI Ransomware ‘PromptLock’ Uses OpenAI gpt-oss-20b Model for Encryption
Fake ChatGPT Desktop App used to deliver PipeMagic Malware
Microsoft finds that a fake ChatGPT Desktop App Delivering PipeMagic Backdoor,a part of sophisticated malware framework. The PipeMagic campaign represents a dangerous evolution in the global cybercrime landscape. The malicious campaign, powered by a new backdoor called PipeMagic, targets multiple industries including IT, finance, and real estate. The PipeMagic attack is centered around CVE-2025-29824, a critical Windows Common Log File System (CLFS) vulnerability
The PipeMagic campaign a malware to technical threat exploiting trust globally
As per Microsoft cybercriminals are disguising malware as widely popular ChatGPT Desktop Application to launch ransomware attacks across the globe.
PipeMagic’s evolution from malware to technical threat exploiting trust globally
The malware allows hackers to escalate privileges once inside a system, by leveraging the immense popularity of ChatGPT, attackers have successfully weaponized user trust.
Microsoft has linked the operation to Storm-2460, a financially motivated cybercrime group known for deploying ransomware through stealthy backdoors.
PipeMagic is a malware first detected in December 2022 while investigating a malicious campaign involving RansomExx. The victims were industrial companies in Southeast Asia. To penetrate the infrastructure, the attackers exploited the CVE-2017-0144 vulnerability.
The backdoor’s loader was a trojanized version of Rufus, a utility for formatting USB drives. PipeMagic supported two modes of operation – as a full-fledged backdoor providing remote access, and as a network gateway – and enabled the execution of a wide range of commands.
Pipemagic’s technique of attack
PipeMagic also reflects a growing trend where attackers combine fileless malware techniques with modular frameworks.
By running directly in memory, it avoids detection from traditional signature-based tools. The modular design means it can expand its functionality much like commercial software — essentially transforming cybercrime into a scalable business model.
Another key point is the use of cloud infrastructure for command-and-control. By hosting their servers on Azure, the hackers blend into normal enterprise traffic, making malicious communications far less suspicious. This tactic underscores the need for behavioral monitoring instead of relying solely on blacklists.
Microsoft attributes PipeMagic to a financially motivated group known as Storm-2460. This is a warning sign for future attacks in the broader cybersecurity landscape.
PipeMagic’s modus operandi could be an inspiration for future malware families and its modular framework could fuel a wave of ransomware-as-a-service operations. That possibility raises the stakes not just for enterprises but also for small businesses and even government institutions.
The first stage of the PipeMagic infection execution begins with a malicious in-memory dropper disguised as the open-source for chat GPT application project. The threat actor uses a modified version of the GitHub project that includes malicious code to decrypt and launch an embedded payload in memory.
The embedded payload is the PipeMagic malware, a modular backdoor that communicates with its C2 server over TCP. Once active, PipeMagic receives payload modules through a named pipe and its C2 server.
The malware self-updates by storing these modules in memory using a series of doubly linked lists.
These lists serve distinct purposes for staging, execution, and communication, enabling the threat actor to interact and manage capabilities of backdoor throughout its lifecycle.
By offloading network communication and backdoor tasks to discrete modules, PipeMagic maintains a modular, stealthy, and highly extensible architecture, making detection and analysis significantly challenging.
Microsoft Threat Intelligence encountered PipeMagic as part of research on an attack chain involving the exploitation of CVE-2025-29824, an elevation of privilege vulnerability in Windows Common Log File System (CLFS).
Recent Comments