Microsoft warns dangerous PipeMagic backdoor is being disguised as ChatGPT desktop app - here's what we know

• Microsoft saw a modified version of a GitHub project carrying malware
• The malware can serve as both a backdoor and an infostealer
• The group behind it was seen deploying encryptors, too

Microsoft has warned of a fake ChatGPT desktop application circulating online which actually carries a highly modular malware framework serving as an infostealer and a backdoor.

In an in-depth report, Microsoft said it observed the framework it dubbed PipeMagic, originating on GitHub.

“The first stage of the PipeMagic infection execution begins with a malicious in-memory dropper disguised as the open-source ChatGPT Desktop Application project,” the report reads. “The threat actor uses a modified version of the GitHub project that includes malicious code to decrypt and launch an embedded payload in memory.”