
PipeMagic Malware Exploits Windows Vulnerability in RansomExx Attacks

  • 4 days ago
  • 1 min read

Updated: 2 days ago

Cybersecurity experts have revealed that the hackers behind the RansomExx ransomware attacks are using a stealthy malware called PipeMagic to infiltrate systems. According to jointly published security reports, the attackers exploit a previously patched security vulnerability in Microsoft Windows to escalate their privileges on devices and successfully infiltrate internal networks.



PipeMagic first made a name for itself with attacks on industrial companies in Southeast Asia in 2022, and it acts as a fully equipped backdoor that provides full remote access to the victim's computer. While cybercriminals previously used fake OpenAI ChatGPT applications as bait to compromise systems, today they resort to deceptive methods such as fake Google Chrome updates. Once the malware infiltrates the system, it transfers data stealthily through random communication channels that it constantly creates and deletes internally.


The most dangerous aspect of this malware, which Microsoft describes as highly "sophisticated and flexible," is that it leaves no trace behind. Instead of saving its files to the hard disk, PipeMagic runs directly from the device's memory. This stealthy architecture makes detection and analysis extremely difficult and, together with its updated versions, allows attackers to move much more easily within corporate internal networks and cause permanent damage to systems.


Some of the precautions we need to take to protect against these types of attacks include:

  • Do not open emails from untrusted sources.

  • Use multi-factor authentication (MFA).

  • Keep your system updated to the latest version at all times.

  • Monitor login logs regularly.

  • Track the security of mobile devices.


For detailed information, you can reach out to our experts at info@zerosecond.ae


 
 
 
