
China’s Silver Fox spoofs medical imaging apps to hijack patients’ computers

February 26, 2025

The Register reports:

A Chinese government-backed group is spoofing legitimate medical software to hijack hospital patients’ computers, infecting them with backdoors, credential-swiping keyloggers, and cryptominers.

Forescout’s Vedere Labs researchers on Monday sounded the alarm after identifying dozens of malware samples masquerading as Philips DICOM medical image viewers and other legitimate software.

The samples, all collected between July 2024 and January 2025, used PowerShell commands to evade detection and shared certain file system artifacts. 

The most recent were disguised as MediaViewerLauncher.exe, the primary executable for the Philips DICOM viewer, and emedhtml.exe for EmEditor, while other samples purported to be system drivers and utilities, such as x64DrvFx.exe.

Read more at The Register.