“Beyond data theft, the malware also imports Windows APIs used for clipboard hijacking and keystroke logging, tools that can capture what you type or swap a cryptocurrency wallet address at the exact moment you send funds,” Malwarebytes researchers explained.

They added, “It also includes the building blocks for ‘hidden desktop’ tradecraft: creating a second, invisible Windows desktop that the attacker can capture and potentially control. In its most advanced form, this lets an attacker operate inside that hidden environment—logging in to accounts, approving transactions, or sending messages—while the victim’s real screen shows nothing unusual.”
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Source: SecurityWeek