{"id":164181,"date":"2024-06-05T21:10:54","date_gmt":"2024-06-05T21:10:54","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=164181"},"modified":"2024-06-05T21:10:56","modified_gmt":"2024-06-05T21:10:56","slug":"malware-steal-data-windows-recall-tool","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/164181\/digital-id\/malware-steal-data-windows-recall-tool.html","title":{"rendered":"Malware can steal data collected by the Windows Recall tool, experts warn"},"content":{"rendered":"
<\/div>\n

Cybersecurity researchers demonstrated how malware could potentially steal data collected by the new Windows Recall tool.<\/h2>\n\n\n\n

The Recall feature of Microsoft Copilot+ is an AI-powered tool designed to help users search for past activities on their PC. The data collected by the tool is stored and processed locally. After its presentation, it raised security and privacy concerns<\/a> among cybersecurity experts because it scans and saves periodic screenshots of the computer screen, potentially exposing sensitive data, like passwords or financial information.<\/p>\n\n\n\n

Microsoft attempted to downplay the risks for the users, the company pointed out that an attacker would need physical access to obtain data collected by the Recall tool. <\/p>\n\n\n\n

However, multiple researchers have demonstrated that a malicious code could steal data collected by the Recall feature.<\/p>\n\n\n\n

The popular cybersecurity expert Kevin Beaumont<\/a> explained that an attacker <\/a>can gain remote access to a device running Recall using a malware.<\/p>\n\n\n\n

“When you\u2019re logged into a PC and run software, things are decrypted for you. Encryption at rest only helps if somebody comes to your house and physically steals your laptop \u2014 that isn\u2019t what criminal hackers do.” reads a post<\/a> published by Beaumont. “For example, InfoStealer trojans, which automatically steal usernames and passwords, are a major problem for well over a decade \u2014 now these can just be easily modified to support Recall.”<\/p>\n\n\n\n

\n

Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.

Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.

HT detective
pic.twitter.com\/Njv2C9myxQ<\/a><\/p>— Kevin Beaumont (@GossiTheDog) May 30, 2024<\/a><\/blockquote>