- Microsoft spotted a modified version of a GitHub project carrying malware
- The malware can serve as a backdoor and an infostealer
- The group behind it has also been seen deploying ransomware
Microsoft has warned about a fake ChatGPT desktop application circulating online that actually carries a highly modular malware framework serving as an infostealer and a backdoor.
In an in-depth report, Microsoft said it observed the framework, which it calls PipeMagic, originating from GitHub.
“The first stage of PipeMagic infection execution begins with a malicious in-memory dropper disguised as the open-source ChatGPT desktop application,” the report says. “The threat actor uses a modified version of the GitHub project that includes malicious code to decrypt and launch an embedded payload in memory.”
A handful of victims
The malware is the work of a threat actor tracked as Storm-2460, which Microsoft also flagged in early April 2025 for abusing a zero-day vulnerability in the Common Log File System to deploy RansomEXX ransomware.
In this case, while the group abused the same flaw, CVE-2025-29824, Microsoft did not say which ransomware was deployed. PipeMagic appears to have evolved: in the earlier report it was described as a simple backdoor Trojan.
Now it is described as a highly modular malware framework that lets the threat actors execute payloads dynamically, maintain persistent control and communicate quietly with command-and-control servers. It can manage payload modules in memory, perform privilege escalation, collect extensive system information and execute arbitrary code through its linked-list architecture.
PipeMagic also supports encrypted inter-process communication over named pipes and can update itself by receiving new modules from its C2 infrastructure.
While Microsoft said the number of victims was “limited”, it did not give concrete numbers. Targets were observed in the United States, Europe, South America and the Middle East. The most targeted industries include IT, financial services and real estate.
To mitigate the threat, Microsoft recommended a layered defense strategy, including enabling tamper protection and network protection in Microsoft Defender for Endpoint and running endpoint detection and response in block mode, among other things.
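A quick way to audit those three settings on a host, as an added example (not the article's or Microsoft's own code; it assumes a Windows machine running Microsoft Defender Antivirus and an elevated PowerShell session):

```powershell
# Added example: report the Defender settings named in the article.
# Assumes Windows with Microsoft Defender Antivirus and an elevated session.
function Get-DefenderHardeningStatus {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # EnableNetworkProtection: 0 = Disabled, 1 = Enabled (block), 2 = Audit mode
    $npModes = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

    [pscustomobject]@{
        TamperProtection  = $status.IsTamperProtected
        NetworkProtection = $npModes[[int]$pref.EnableNetworkProtection]
        # AMRunningMode shows 'EDR Block Mode' when Defender for Endpoint has put a host
        # running a third-party AV into EDR block mode; that mode is set in the Defender
        # portal, not locally, so it is only reported here.
        RunningMode       = $status.AMRunningMode
    }
}

$report = Get-DefenderHardeningStatus
$report | Format-List

# Network protection can be switched on locally; tamper protection and EDR block mode
# are managed centrally (Intune / Defender portal), so they are flagged, not changed.
if ($report.NetworkProtection -ne 'Enabled') {
    Write-Warning 'Network protection is not in block mode; enabling it.'
    Set-MpPreference -EnableNetworkProtection Enabled
}
if (-not $report.TamperProtection) {
    Write-Warning 'Tamper protection is off; enable it from the Defender portal or Intune.'
}
```

Once tamper protection is on, local `Set-MpPreference` changes to protected settings are refused, so run the audit before enabling it centrally.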