Hackers Utilize MSIX App Packages to Disseminate GHOSTPULSE Malware

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

A new cyber attack campaign has emerged, involving the use of fake MSIX Windows app packages masquerading as legitimate applications. These deceptive MSIX packages are employed to distribute a new malware loader known as GHOSTPULSE. It operates as a multi-stage loader, decrypting its payload and deploying various types of malware while employing advanced defense evasion techniques.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.