Microsoft has issued a warning regarding a fraudulent ChatGPT desktop application that is spreading online. This application contains the PipeMagic malware, identified as a highly modular framework functioning as both an infostealer and a backdoor.
According to a detailed report by Microsoft, the PipeMagic framework originated on GitHub. The report states, “The first stage of the PipeMagic infection execution begins with a malicious in-memory dropper disguised as the open-source ChatGPT Desktop Application project.” This involves threat actors utilizing a modified version of the GitHub project, which incorporates malicious code designed to decrypt and launch an embedded payload directly into memory.
The malware is attributed to a threat actor known as Storm-2460. Microsoft previously identified Storm-2460 in early April 2025 for exploiting a zero-day vulnerability in the Common Log File System (CVE-2025-29824) to deploy the RansomEXX encryptor. This vulnerability is again being exploited in the PipeMagic campaign. While Microsoft confirmed the continued abuse of CVE-2025-29824, the company did not specify whether the same encryptor was deployed in this instance. The report emphasizes PipeMagic’s evolution from a basic backdoor trojan into a complex malware framework.
The current iteration of PipeMagic is characterized by its modular design, which grants threat actors the ability to dynamically execute payloads, maintain persistent control over compromised systems, and communicate covertly with command-and-control servers. Its capabilities include managing encrypted payload modules within memory, performing privilege escalation, collecting extensive system information, and executing arbitrary code using its linked list architecture.
PipeMagic also facilitates encrypted inter-process communication through named pipes. Furthermore, the malware can self-update by receiving new modules from its command-and-control infrastructure, allowing for continuous refinement and adaptation.
While the number of victims is described as “limited” by Microsoft, specific figures were not disclosed. The observed targets are located in the United States, across Europe, South America, and the Middle East. The industries most frequently targeted include information technology, financial services, and real estate.
To mitigate the threat posed by PipeMagic, Microsoft recommends implementing a layered defense strategy. This includes enabling tamper protection and network protection within Microsoft Defender for Endpoint. Additionally, Microsoft advises running endpoint detection and response in block mode, alongside other security measures.
Featured image credit
FAQs
Frequently Asked Questions
What is a Premium Domain Name? A premium domain name is the digital equivalent of prime real estate. It’s a short, catchy, and highly desirable web address that can significantly boost your brand's impact. These exclusive domains are already owned but available for purchase, offering you a shortcut to a powerful online presence. Why Choose a Premium Domain? Instant Brand Boost: Premium domains are like instant credibility boosters. They command attention, inspire trust, and make your business look established from day one. Memorable and Magnetic: Short, sweet, and unforgettable - these domains stick in people's minds. This means more visitors, better recall, and ultimately, more business. Outshine the Competition: In a crowded digital world, a premium domain is your secret weapon. Stand out, get noticed, and leave a lasting impression. Smart Investment: Premium domains often appreciate in value, just like a well-chosen piece of property. Own a piece of the digital world that could pay dividends. What Sets Premium Domains Apart? Unlike ordinary domain names, premium domains are carefully crafted to be exceptional. They are shorter, more memorable, and often include valuable keywords. Plus, they often come with a built-in advantage: established online presence and search engine visibility. How Much Does a Premium Domain Cost? The price tag for a premium domain depends on its desirability. While they cost more than standard domains, the investment can be game-changing. Think of it as an upfront cost for a long-term return. BrandBucket offers transparent pricing, so you know exactly what you're getting. Premium Domains: Worth the Investment? Absolutely! A premium domain is more than just a website address; it's a strategic asset. By choosing the right premium domain, you're investing in your brand's future and setting yourself up for long-term success. What Are the Costs Associated with a Premium Domain? While the initial purchase price of a premium domain is typically higher than a standard domain, the annual renewal fees are usually the same. Additionally, you may incur transfer fees if you decide to sell or move the domain to a different registrar. Can I Negotiate the Price of a Premium Domain?
In some cases, it may be possible to negotiate the price of a premium domain. However, the success of negotiations depends on factors such as the domain's demand, the seller's willingness to negotiate, and the overall market conditions. At BrandBucket, we offer transparent, upfront pricing, but if you see a name that you like and wish to discuss price, please reach out to our sales team.
How Do I Transfer a Premium Domain?
Transferring a premium domain involves a few steps, including unlocking the domain, obtaining an authorization code from the current registrar, and initiating the transfer with the new registrar. Many domain name marketplaces, including BrandBucket, offer assistance with the transfer process.
