> TritonInfoSec News

Home / Apr 18, 2026 / Story

#3 BleepingComputer general April 17, 2026 at 19:10 UTC

Payouts King ransomware uses QEMU VMs to bypass endpoint security

By Bill Toulas

AI Summary

Payouts King ransomware operators are leveraging QEMU virtual machine emulation to establish reverse SSH backdoors that bypass endpoint security solutions on compromised systems. This technique allows attackers to run hidden virtual environments for malware execution while evading detection by traditional security tools.

Read full article → https://www.bleepingcomputer.com/news/security/pay…

Relevance score: 88.0/100

Sponsored

Protect Your Business

Expert cybersecurity solutions to safeguard your organization from evolving threats.

Get Protected →

# More from April 18

1
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched The Hacker News
2
CISA flags Apache ActiveMQ flaw as actively exploited in attacks BleepingComputer
4
Recently leaked Windows zero-days now exploited in attacks BleepingComputer
5
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts The Hacker News
6
Ukraine confirms suspected APT28 campaign targeting prosecutors, anti-corruption agencies The Record
7
Grinex exchange blames "Western intelligence" for $13.7M crypto hack BleepingComputer
8
Cisco says critical Webex Services flaw requires customer action BleepingComputer
9
US nationals behind DPRK IT worker 'laptop farm' sent to prison BleepingComputer
10
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions The Hacker News