"MSIX App Packages Exploited by Hackers to Spread GHOSTPULSE Malware on Windows PCs"
Originally Published 2 years ago — by The Hacker News

Hackers are using spurious MSIX Windows app package files for popular software to distribute a new malware loader called GHOSTPULSE. The attack campaign entices potential targets to download the MSIX packages through compromised websites, SEO poisoning, or malvertising. Once launched, the MSIX file downloads GHOSTPULSE onto the compromised host via a PowerShell script. The malware employs various techniques, including DLL side-loading and module stomping, to execute multiple payloads, ultimately loading GHOSTPULSE and other malware such as SectopRAT, Rhadamanthys, Vidar, Lumma, and NetSupport RAT.