Cyber Blog

Security researchers have discovered that hackers are taking advantage of a flaw in Microsoft Windows, identified as CVE-2025-29824, to secretly install malware on victims’ computers. The malware, called PipeMagic, has been linked to ransomware attacks known as RansomExx, which can lock people out of their files until a ransom is paid.

The attackers tricked users by offering a fake version of the ChatGPT desktop app. Once downloaded, the app quietly installed PipeMagic in the background, giving hackers hidden access to the computer. PipeMagic communicates through private, encrypted channels—like secret tunnels—making it difficult for security tools or users to notice anything suspicious.

What makes this malware especially dangerous is that it is modular, meaning it can download extra tools over time to expand its abilities. These add-ons can allow hackers to steal data, spy on users, or take control of the system. The malware connects to Microsoft’s cloud platform, Azure, to pull down these additional components.

Researchers also discovered that this technique isn’t new. Similar attacks were first observed in Saudi Arabia in late 2024, and now fresh incidents are being reported in both Saudi Arabia and Brazil. This shows that hackers are improving their methods and spreading the attack to new regions.

For everyday users, the key lesson is that not everything that looks safe online actually is. A program that appears to be a trusted app, like ChatGPT, can still be a dangerous trap if downloaded from the wrong source. To stay safe, users should only download software from official websites or app stores, keep Windows updated with the latest patches, run reliable antivirus software, and think twice before installing new tools that come from unfamiliar links or offers.