Cyberattackers are using MSIX, a Windows application packaging format, to infect PCs with malware named Ghostpulse, which they encrypt to evade detection. Researchers at Elastic Security Labs suspect that users are prompted to download the malicious MSIX packages via breached websites or misleading adverts. By exploiting vulnerabilities in Notepad++, the attackers initiate a staged process to download Ghostpulse and other infostealers. The loader overwrites instructions it has already executed to complicate analysis, and it can establish persistence.