MSIX App Packages Exploited by Hackers to Spread GHOSTPULSE Malware on Windows PCs

TL;DR Summary
Hackers are using spurious MSIX Windows app package files for popular software to distribute a new malware loader called GHOSTPULSE. The attack campaign entices potential targets to download the MSIX packages through compromised websites, SEO poisoning, or malvertising. Once launched, the MSIX file downloads GHOSTPULSE onto the compromised host via a PowerShell script. The malware employs various techniques, including DLL side-loading and module stomping, to execute multiple payloads, ultimately loading GHOSTPULSE and other malware such as SectopRAT, Rhadamanthys, Vidar, Lumma, and NetSupport RAT.
Original article: The Hacker News