Beware of Fake ChatGPT App Spreading PipeMagic Malware: Microsoft Warning

Microsoft has issued a warning about a new malware campaign involving a counterfeit version of the ChatGPT Desktop app. This fake app delivers PipeMagic, a modular backdoor linked to ransomware, by exploiting a zero-day vulnerability in the Windows Common Log File System (CLFS), identified as CVE-2025-29824.


While the legitimate ChatGPT Desktop project on GitHub is safe, cybercriminals have cloned the repository, inserted malicious code, and distributed altered versions through unofficial channels. Users who downloaded the app from these compromised sites unknowingly executed the backdoor.


How PipeMagic Operates
PipeMagic has a modular design that lets it dynamically load separate modules for tasks such as command-and-control (C2) communication and payload execution. It uses encrypted channels to send system information to the attackers and to receive and execute their commands, such as launching ransomware or gathering sensitive data.