QEMU abused to evade detection and enable ransomware delivery

Sophos X-Ops·41d·Reputable

The use of hidden virtual machines (VMs) enables long-term access, credential harvesting, data exfiltration, and PayoutsKing ransomware deployment Categories: Threat Research Tags: virtual machine, QEMU, PayoutsKing, GOLD ENCOUNTER, CitrixBleed2

Categories cybersecurity · government-security

Original source / advisory ↗

Published

4/16/2026, 12:00:00 AM

Fetched

5/27/2026, 4:13:33 AM

Trust

reputable · 80/100

Language