Microsoft Store App Vibing.exe Harvested Screens, Audio, and Clipboard Data
Key Takeaways
- An application named “Vibing.exe,” available on the Microsoft Store, was found to covertly harvest sensitive user data, including screenshots, audio, and clipboard contents.
- The app, marketed as an “AI-native world” interface by “Vibing-Team,” has been linked through OSINT investigations to Microsoft GenAI research labs in Beijing, despite being presented as an open-source community project.
- The application bypasses typical user consent mechanisms, transmits data to a Microsoft-owned Azure endpoint, and tracks users via hardware GUIDs, raising significant privacy and security concerns.
- Microsoft has not yet formally responded to the allegations, and individuals associated with the project have reportedly ignored or closed issues raised by the developer community.
Microsoft Store App “Vibing.exe” Covertly Harvests User Data
Cybersecurity researchers have issued urgent privacy and security warnings regarding a suspicious executable, “Vibing.exe,” discovered on the Microsoft Store. This application, masquerading as an interface to an “AI-native world,” has been found to surreptitiously collect sensitive user information without explicit consent.
Upon installation on a Windows system, Vibing automatically configures itself to launch at startup, according to researcher Kevin Beaumont. The application then aggressively monitors user activity, transmitting telemetry to a preconfigured Azure Front Door endpoint. It employs WebSockets for communication, a method known to circumvent certain proxy blocking configurations.
Data Harvested by Vibing.exe
The application covertly captures several categories of sensitive user data:
- Base64-encoded screenshots of the user’s active desktop environment.
- Raw audio recordings directly from the system microphone.
- Contents of the clipboard, including copied text and files.
- Specific keywords, active window titles, and names of running applications.
Each piece of transmitted data is tagged with a unique hardware GUID, enabling developers to track individual users and link collected data to specific machines over time. This extensive and invasive tracking mechanism is entirely absent from the application’s user interface and official documentation.
Links to Microsoft GenAI Research Uncovered
Despite being presented as an open-source, community-driven tool, open-source intelligence (OSINT) investigations have directly linked the Vibing application to Microsoft GenAI research labs located in Beijing. The official GitHub repository for Vibing, found at github.com/microsoft/VibeVoice, notably contains no actual source code, hosting only an 80MB binary file. This executable is digitally signed by Microsoft researcher Yaoyao Chang, with an SSL.com co-signer.
Key evidence pointing to Microsoft’s involvement in this alleged community project includes:
- The Azure endpoint receiving the harvested data belongs to a Microsoft corporate-owned tenant.
- Initial mentions of Vibing appeared directly on Microsoft’s official VibeVoice GitHub page.
- Installation documentation features screenshots taken from authenticated Microsoft corporate devices.
- The project utilizes the same logo as Microsoft’s official VibeVoice product.
Significant Privacy and Security Implications
By operating under the guise of a community initiative, the developers appear to have bypassed Microsoft’s stringent internal governance, privacy, and security review processes. According to Kevin Beaumont on DoublePulsar, the application exposes a substantial attack surface and operates with alarming opacity, as detailed in his analysis “Microsoft Vibing: Capturing Screenshots and Voice Samples Without Governance.”
Several critical privacy violations have been identified:
- The Microsoft Store privacy policy for the app falsely claims that no data is sent to third parties.
- Users receive no in-app prompts or consent requests before the transmission of audio and screen data commences.
- There is no designated data controller, and transparency regarding data retention policies is entirely absent.
- The tracking of keystrokes and screenshots via hardware GUIDs poses severe long-term surveillance risks.
Despite increasing pressure from the developer community and security researchers, Microsoft has yet to issue a formal response. Developers have tagged involved Microsoft employees on GitHub to highlight the covert data collection, but individuals associated with the project have reportedly either ignored these tags or abruptly closed the issues, leaving the security community without answers.
What You Should Do
- Uninstall Immediately: If “Vibing.exe” is present on any system within your environment, uninstall it without delay.
- Monitor for Indicators of Compromise (IoCs): Security teams should actively monitor their networks for the presence of vibing.exe, Vibing Installer.exe, and network traffic to vibing-api-ccegdhbrg2d6bsd7.b02.azurefd.net.
- Review Microsoft Store Policies: Enterprises should review and reinforce policies regarding the installation of applications from the Microsoft Store, especially those lacking clear vendor attribution or privacy statements.
- Educate Users: Inform users about the risks of installing unverified applications, even from official app stores, and emphasize the importance of scrutinizing privacy policies and requested permissions.
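
The monitoring step above, as an added example (not from the original article or from any vendor tooling): a Python matcher that checks normalized process and network events against the three indicators the article names. The event field names (host, image, dest), the sample paths and the /socket URL path are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Indicators quoted from the article; everything else here is an assumption.
IOC_PROCESS_NAMES = {"vibing.exe", "vibing installer.exe"}
IOC_HOST = "vibing-api-ccegdhbrg2d6bsd7.b02.azurefd.net"

def normalize_host(value):
    """Reduce a URL (https://, wss://), host:port or FQDN to a bare lowercase host."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value          # let urlsplit treat it as a network location
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:                # malformed bracketed address in the log field
        return ""
    return host.rstrip(".")           # DNS logs often carry the trailing root dot

def match_event(event):
    """Return the indicators an event matches; 'image' and 'dest' are hypothetical fields."""
    hits = []
    image = event.get("image")
    if image:
        name = PureWindowsPath(image).name.lower()   # Windows file names ignore case
        if name in IOC_PROCESS_NAMES:
            hits.append("process:" + name)
    dest = event.get("dest")
    if dest and normalize_host(dest) == IOC_HOST:    # exact match: look-alike suffixes fail
        hits.append("network:" + IOC_HOST)
    return hits

def scan(events):
    """Return (host, hits) for every event that matches at least one indicator."""
    return [(e["host"], h) for e in events if (h := match_event(e))]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Users\alice\Downloads\Vibing Installer.exe"},
    {"host": "WS-01", "image": r"C:\Apps\VIBING.EXE",
     "dest": "wss://vibing-api-ccegdhbrg2d6bsd7.b02.azurefd.net/socket"},
    {"host": "WS-02", "dest": "Vibing-API-ccegdhbrg2d6bsd7.b02.azurefd.net.:443"},
    {"host": "WS-03", "image": r"C:\Tools\notvibing.exe",
     "dest": "vibing-api-ccegdhbrg2d6bsd7.b02.azurefd.net.example.org"},
]

if __name__ == "__main__":
    for host, hits in scan(SAMPLE_EVENTS):
        print(host, hits)
```

The WS-03 event is a deliberate near miss: matching on the exact file name and exact hostname, rather than on substrings, keeps look-alike names out of the results.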