PipeMagic Malware Returns in 2025 With New Tricks
PipeMagic malware, first detected in 2022, has resurfaced in 2025 with enhanced capabilities and new infection methods. The malware, known for enabling remote access and command execution, has been spotted in Saudi Arabia and Brazil, targeting critical sectors.
The malware has evolved to include additional modules for asynchronous communication and payload injection. Attackers have been using ProcDump, disguised as dllhost.exe, to dump LSASS memory and extract credentials from compromised systems.
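As an added example (not code from the article or from any vendor report), the following Python checks constructed Sysmon-style process-creation records for the masquerade described above: a binary named dllhost.exe whose PE OriginalFileName disagrees with its on-disk name, a dllhost.exe running outside its normal Windows location, or a command line that names LSASS together with a ProcDump dump switch. The record fields, the System32/SysWOW64 location rule and all sample values are assumptions made for this example.

```python
import re
from dataclasses import dataclass

@dataclass
class ProcEvent:
    image: str               # path of the launched executable
    original_file_name: str  # OriginalFileName from the PE version resource
    command_line: str

# Constructed sample records in the shape of Sysmon Event ID 1 fields (not real telemetry).
EVENTS = [
    # benign COM surrogate: name and PE metadata agree, normal location and arguments
    ProcEvent(r"C:\Windows\System32\dllhost.exe", "dllhost.exe",
              r"C:\Windows\System32\dllhost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}"),
    # renamed ProcDump: file is called dllhost.exe, but the PE resource says otherwise
    ProcEvent(r"C:\Users\Public\dllhost.exe", "procdump",
              r"C:\Users\Public\dllhost.exe -accepteula -ma lsass.exe C:\Users\Public\out.dmp"),
    # unrelated process, no LSASS involvement
    ProcEvent(r"C:\Tools\notepad.exe", "NOTEPAD.EXE", r"C:\Tools\notepad.exe readme.txt"),
]

LSASS_RE = re.compile(r"\blsass(\.exe)?\b", re.IGNORECASE)
# ProcDump memory-dump switches (-ma full dump, -mm mini dump, -mp) as standalone tokens
DUMP_SWITCH_RE = re.compile(r"(?<!\S)-m[amp]?(?!\S)", re.IGNORECASE)
# assumed normal home of the genuine dllhost.exe
SYSTEM_DIR_RE = re.compile(r"(?i)c:\\windows\\(system32|syswow64)\\")

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]

def analyze(ev):
    findings = []
    name = basename(ev.image).lower()
    # Rule 1: on-disk name is dllhost.exe but the PE metadata disagrees -> masquerade
    if name == "dllhost.exe" and ev.original_file_name.lower() != "dllhost.exe":
        findings.append("masquerade:OriginalFileName=" + ev.original_file_name)
    # Rule 2: dllhost.exe launched from somewhere other than the Windows system directories
    if name == "dllhost.exe" and not SYSTEM_DIR_RE.match(ev.image):
        findings.append("unusual_path:" + ev.image)
    # Rule 3: command line names LSASS together with a dump switch, whatever the binary is called
    if LSASS_RE.search(ev.command_line) and DUMP_SWITCH_RE.search(ev.command_line):
        findings.append("lsass_dump_cmdline")
    return findings

def scan(events):
    results = {ev.image: analyze(ev) for ev in events}
    return {image: f for image, f in results.items() if f}
```

Running scan(EVENTS) flags only the renamed binary, on all three rules; the genuine dllhost.exe and the unrelated process produce no findings.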
In 2024, PipeMagic attacks in Saudi Arabia spread via a fake ChatGPT app, using API hashing to evade analysis. More recently, hackers exploited the Windows flaw CVE-2025-29824 to deploy PipeMagic malware in RansomExx attacks, as revealed by Kaspersky. Microsoft has confirmed the malware's ongoing activity and targeted campaigns, with Mandiant publishing relevant Indicators of Compromise (IoCs) in January 2025 to aid detection.
PipeMagic malware continues to pose a threat, with its enhanced capabilities and diverse infection methods. Security experts urge vigilance, especially in critical sectors, and recommend staying updated with the latest IoCs to protect against potential attacks.