Microsoft has warned about a malicious application circulating online that masquerades as a ChatGPT desktop app. This application contains a modular malware framework named PipeMagic, which functions as both an infostealer and a backdoor. The malware is deployed through a modified version of a GitHub project, where the threat actor uses an in-memory dropper to decrypt and execute an embedded payload. Microsoft also noted that the group behind this malware has been seen deploying encryptors as well.
