
Hackers Leverage QEMU to Conceal Malicious Activity in Virtual Machines
Tags: Breaking News, Hacking, Malware, Security, Cybercrime, hacking news, information security news, IT Information Security, malware, PayoutsKing ransomware, Pierluigi Paganini, QEMU, Security Affairs, Security News
Sophos researchers identified a growing trend of attackers abusing QEMU, an open-source emulator, to conceal malicious activity within virtual machines (VMs). By executing malware inside VMs, threat actors bypass endpoint security controls and minimize forensic traces on compromised systems. This technique has been leveraged to steal data and deploy ransomware, including the PayoutsKing ransomware strain, without detection. The method exploits QEMU’s legitimate functionality to create hidden VMs, complicating attribution and remediation. No specific dates, CVE IDs, or victim organizations were disclosed in the report.
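As an added defensive example (not code from the Sophos report or from this post), the following Python scores process-creation events for QEMU launches that carry the hallmarks described above: a QEMU binary outside its normal install path, a headless display, and a disk image parked in a user-writable directory. The event fields, the sample events, the trusted paths and the two-signal threshold are all this example's assumptions.

```python
import re

# Constructed sample process-creation events (Sysmon-like fields); not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\qemu\qemu-system-x86_64.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'qemu-system-x86_64.exe -m 4096 -hda "D:\VMs\dev.qcow2"'},
    {"image": r"C:\Users\Public\Music\qemu-system-x86_64.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'qemu-system-x86_64.exe -m 512 -display none -hda "C:\Users\Public\Music\img.qcow2"'},
    {"image": "/usr/bin/qemu-system-x86_64", "parent": "/usr/bin/virt-manager",
     "cmdline": "qemu-system-x86_64 -enable-kvm -m 2048 -drive file=/var/lib/libvirt/images/web.qcow2"},
    {"image": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe", "cmdline": "notepad.exe"},
]

# Heuristics are this example's assumptions; trusted paths and the threshold must be
# tuned to where QEMU is legitimately deployed in a given environment.
QEMU_NAME = re.compile(r"(^|[\\/])qemu-system-[\w-]+(\.exe)?$", re.IGNORECASE)
TRUSTED_DIRS = ("c:/program files/qemu/", "/usr/bin/", "/usr/local/bin/", "/usr/libexec/")
HEADLESS_FLAGS = ("-display none", "-nographic")
USER_WRITABLE = ("/users/", "/temp/", "/appdata/", "/tmp/", "/home/", "/var/tmp/")
DISK_EXTS = (".qcow2", ".img", ".vmdk", ".raw", ".vhd", ".vhdx")

def _norm(path):
    return path.lower().replace("\\", "/")
def _tokens(cmdline):
    # Split on whitespace but keep double-quoted paths (which may contain spaces) whole.
    return [a or b for a, b in re.findall(r'"([^"]+)"|(\S+)', cmdline)]

def assess_event(event):
    """Reasons a QEMU launch looks suspicious; [] for non-QEMU or benign-looking launches."""
    if not QEMU_NAME.search(event["image"]):
        return []
    reasons = []
    if not _norm(event["image"]).startswith(TRUSTED_DIRS):
        reasons.append("qemu binary outside standard install path")
    tokens = _tokens(event["cmdline"])
    if any(flag in " ".join(tokens).lower() for flag in HEADLESS_FLAGS):
        reasons.append("headless display flag")
    # Disk images appear as bare tokens (-hda x.qcow2) or inside -drive file=x.qcow2,...
    for tok in tokens:
        for part in tok.split(","):
            path = _norm(part[5:] if part.lower().startswith("file=") else part)
            if path.endswith(DISK_EXTS) and any(d in path for d in USER_WRITABLE):
                reasons.append("disk image under user-writable path")
    return reasons

def scan(events, min_reasons=2):
    """(index, reasons) for launches with at least min_reasons signals; two cut noise from legitimate headless VMs."""
    return [(i, r) for i, e in enumerate(events) if len(r := assess_event(e)) >= min_reasons]
```

A single signal on its own (for example a headless QEMU on a hypervisor host) is expected in many fleets, which is why the scan requires two before raising a hit.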