Skip to content


Hackers are using fake Windows app packages to spread a new type of malware called GHOSTPULSE. The fake packages are for popular software like Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex.
The hackers are cleverly tricking people into downloading the fake Windows app packages through several methods, such as compromised websites, fake search results, and malicious ads. When someone clicks on the fake package, a Windows prompt asks them to click the “Install” button. If they do, a hidden script will download the GHOSTPULSE malware onto their computer from a remote server via a PowerShell script.

Figure 1:

What does GHOSTPULSE do…

GHOSTPULSE is a type of malware that helps facilitate other malware to start running on a system. It does this by using process doppelgänging, which creates a fake copy of a legitimate Windows process and loads the malware into that process.

How to keep safe

  • Only download software from trusted sources. This includes the official websites of software developers and app stores.
  • Be careful about clicking on links in emails and messages. If you don’t know the sender, or if the link looks suspicious, don’t click on it.
  • Keep your software up to date. Software updates often include security patches that can help protect you from malware.
  • Use a good antivirus program and keep it up to date. An antivirus program can scan your computer for malware and remove it if it’s found.
  • Be careful about what attachments you open. If you’re not expecting an attachment, or if it is from someone you don’t know, don’t open it.
  • Be careful about what websites you visit. Some websites may contain malware that can be downloaded to your computer without your knowledge.
  • Use a VPN when connecting to public Wi-Fi. A VPN encrypts your traffic, making it more difficult for hackers to intercept your data.

Related Links