Microsoft

Microsoft confirms new ransomware family deployed via Log4j vulnerability


Microsoft has become the second security vendor to report it has observed a new family of ransomware, known as Khonsari — which the company said has been used in attacks on non-Microsoft hosted Minecraft servers by exploiting the vulnerability in Apache Log4j.

In a Wednesday night update to its blog post about the Log4j vulnerability, Microsoft said it can confirm the findings of cyber firm Bitdefender, which earlier this week disclosed the existence of the new Khonsari ransomware family. Bitdefender said it had detected multiple attempts to deploy a Khonsari ransomware payload, which targets Windows systems by taking advantage of a flaw in the Log4j logging library.

The vulnerability, known as Log4Shell, was publicly disclosed last Thursday and is considered highly dangerous, as the flaw is both widespread and considered trivial to exploit.

Attacks on Minecraft servers

In its blog update Wednesday, Microsoft said that it has seen ransomware attacks involving the Khonsari ransomware family on Minecraft servers that are not hosted by the company.

“Microsoft can confirm public reports of the Khonsari ransomware family being delivered as payload post-exploitation, as discussed by Bitdefender,” the company said in the blog post update.

“In Microsoft Defender Antivirus data, we have observed a small number of cases of this [ransomware] being launched from compromised Minecraft clients connected to modified Minecraft servers running a vulnerable version of Log4j 2 via the use of a third-party Minecraft mods loader,” Microsoft said in the post.

In those cases, the threat actor has sent a malicious message in-game to a vulnerable Minecraft server, and the message then exploits Log4Shell in order to execute a payload both on the server and on any vulner


Microsoft denies shutting down operations in China

Microsoft China denied it would cease operations in the country, after a screenshot of an internal email from Wicresoft, a Microsoft outsourcing partner, fueled speculation about a potential exit. On Monday, several employees of Wicresoft shared screenshots of layoff emails on social media. The email cites geopolitical tensions and shifts in the global business landscape [……

Fake Microsoft Office add-in tools push malware via SourceForge

Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims’ computers to both mine and steal cryptocurrency. …


How Microsoft’s AI chief measures consumer inroads for Copilot


05 Apr 2025 08:13AM
(Updated: 05 Apr 2025 08:28AM)




REDMOND, Washington : As Microsoft CEOs past and present gathered here to celebrate the company’s 50th birthday, one leader said he is targeting a particular metric’s improvement to guide his strategy on artificial intelligence.

Mustafa Suleyman, chief executive of Microsoft AI, said his consumer and research division is tracking the usual measures of adoption for the company’s AI assistant called Copilot. These include daily and weekly active users, distribution, and usage intensity for Copilot’s consumer offering, he said.

But Suleyman’s interest lies elsewhere.

“I really, really focus the team on SSR, the rate of successful sessions,” he said in an interview.

In an older era when consumers gave less real-time feedback on software, the time they spent with a product – on social media, for instance – or the problems they could solve represented crude “proxies for quality,” he said.

“Now, we actually get to learn from the anonymized logs and extract the sentiment,” said Suleyman, who joined Microsoft about a year ago after leading the startup Inflection AI. Suleyman was one of the only Microsoft executives other than former CEOs Bill Gates and Steve Ballmer and current CEO Satya Nadella to speak on stage at Microsoft’s Friday event at its Redmond, Washington, headquarters.

Suleyman said Microsoft has tasked an AI model itself to assess such sentiment and help determine Copilot chats’ SSR.

“Over the last four months, it’s gone up dramatically, and that’s what we optimize for,” he said.

Suleyman declined to state the rate in absolute terms or disclose other Copilot metrics.

The company last fall announced a more amiable voice for its consumer Copilot and the ability to analyze web pages for users as they browse.

On Friday, Microsoft demonstrated further features for Copilot: personalized podcasts, a tool to help consumers research complex queries, and eventually a look for Copilot that can be custom to each user and conversation.

“I would definitely go for something that was cutesy,” said Suleyman, “like a little Furby-type thing.”

Source: Reuters


Microsoft Raises Alarm of Malware Targeting Coinbase, MetaMask Wallets

By Margaux Nijkerk | Edited by Stephen

A new report from Microsoft researchers warned of malware that could steal and decrypt users’ information from 20 of some of the most popular cryptocurrency wallets.

Microsoft shareholders voted against adding bitcoin to its company's treasury. (Photo by Craig T Fruchtman/Getty Images)

What to know:

  • Tech giant Microsoft shared a new report warning of malware that targets 20 of the most popular cryptocurrency wallets used with the Google Chrome extension.
  • The malware, dubbed StilachiRAT, could deploy “sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data.”
  • While the malware has not been distributed widely, Microsoft did share that it has not been able to identify what entity is behind the threat.

Tech giant Microsoft shared a new report warning of malware that targets 20 of the most popular cryptocurrency wallets used with the Google Chrome extension.


Microsoft’s Incident Response researchers raised alarms of a new remote access trojan (RAT), dubbed StilachiRAT, which could deploy “sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data,” the team shared in a blog post.

According to the team, the malware was discovered in November 2024, and it could steal users’ wallet information, and any credentials, including usernames and passwords, stored in their Google Chrome browser. StilachiRAT targets 20 crypto wallets including some of the most widely-used ones like MetaMask, Coinbase Wallet, Phantom, OKX Wallet, and BNB Chain Wallet.

While the malware has not been distributed widely, Microsoft did share that it has not been able to identify what entity is behind the threat and laid out some mitigation guidelines for current targets including installing antivirus software.

“Due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape,” the team wrote.

Margaux Nijkerk

Margaux Nijkerk reports on the Ethereum protocol and L2s. A graduate of Johns Hopkins and Emory universities, she has a masters in International Affairs & Economics. She holds BTC and ETH above CoinDesk’s disclosure threshold of $1,000.
