New Malware Alert: Fake ChatGPT Apps Target Users Worldwide
Cybercriminals are exploiting trust in AI by disguising a dangerous backdoor as a “ChatGPT desktop app.” Microsoft has issued a critical warning, revealing that this fake application is actually a sophisticated malware delivery system. At the center of the attack is PipeMagic, a stealthy backdoor that exploits a Windows zero-day vulnerability (CVE-2025-29824). Once installed, it allows attackers to spy on users, steal sensitive data, and even deploy ransomware.
How the Malware Operates
Security researchers uncovered that hackers modified an open-source ChatGPT project on GitHub, injecting hidden malicious code. The malware is modular and plugin-based, staging components through Microsoft Azure. In 2025 attacks targeting Saudi Arabia and Brazil, PipeMagic used a Microsoft Help Index file (“metafile.mshi”) as a loader, which unpacked C# code to execute encrypted shellcode.
Using encrypted pipes and in-memory operations, PipeMagic evades detection and establishes command-and-control communication. Its modules include loaders using mshi files or DLL hijacking, async file operations for covert communication, and injectors that bypass Windows security by patching AMSI. To steal credentials, attackers hijack legitimate tools like ProcDump, disguised as dllhost.exe.
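Defenders can hunt for the ProcDump-as-dllhost.exe disguise described above by comparing a process's file name with its embedded version metadata. The Python sketch below is an added example, not code from Microsoft's report or this article: it checks Sysmon process-creation events (Event ID 1, fields `Image` and `OriginalFileName`). The event records are constructed, the function names are hypothetical, and it assumes that ProcDump reports `procdump` as its OriginalFileName and that the genuine dllhost.exe runs only from System32 or SysWOW64.

```python
import ntpath

# Assumption: the genuine dllhost.exe only runs from these directories.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed Sysmon Event ID 1 records, reduced to the two fields used here.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\DllHost.exe", "OriginalFileName": "dllhost.exe"},
    {"Image": r"C:\Users\Public\dllhost.exe", "OriginalFileName": "procdump"},
    {"Image": r"C:\Tools\procdump64.exe", "OriginalFileName": "procdump"},
]


def masquerade_findings(event):
    """Return the reasons a process-creation event looks like masquerading."""
    image = ntpath.normcase(event.get("Image", ""))  # lower-case, backslashes
    name = ntpath.basename(image)
    # Sysmon writes "-" when the binary carries no version resource.
    original = (event.get("OriginalFileName") or "-").lower()
    findings = []
    if name == "dllhost.exe":
        if ntpath.dirname(image) not in EXPECTED_DIRS:
            findings.append("dllhost.exe outside System32/SysWOW64")
        if original != "dllhost.exe":
            findings.append(f"dllhost.exe with OriginalFileName {original!r}")
    # Assumption: ProcDump's version resource reports 'procdump'.
    if original == "procdump" and not name.startswith("procdump"):
        findings.append("ProcDump running under another file name")
    return findings


def scan(events):
    """Map each suspicious image path to its list of findings."""
    return {e["Image"]: f for e in events if (f := masquerade_findings(e))}


if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS).items():
        print(image, "->", "; ".join(reasons))
```

An unrenamed ProcDump in an admin tools folder is not flagged; only the name and metadata mismatch or the unexpected path is.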
Storm-2460 Behind the Campaign
Microsoft traced the operation back to the ransomware group Storm-2460, previously linked to RansomEXX. The group has resurfaced with PipeMagic as their new weapon, targeting industries including finance, IT, and real estate across the U.S., Europe, South America, and the Middle East.
What Users Should Do
- Download smart: Only use official GitHub repositories and trusted sources.
- Update immediately: Patch systems against CVE-2025-29824.
- Scan devices: Run a full antivirus check. Microsoft Defender detects the threat as Backdoor:Win32/PipeMagic!MSR.
PipeMagic is a Trojan in disguise, leveraging AI’s popularity to deceive users. Microsoft stresses that authenticity and vigilance are key to staying protected.