Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
PamStealer Mimics Maccy, Silently Harvests Data
July 4, 2026
Critical FatFs Vulnerabilities Expose Millions of Embedded Devices
July 4, 2026
Critical Linux Kernel Vulnerability CVE-2023-0179 Grants Root Access
July 4, 2026
Home/CyberSecurity News/Microsoft Store App Vibing.exe Harvested Screens, Audio, and Clipboard Data
CyberSecurity News

Microsoft Store App Vibing.exe Harvested Screens, Audio, and Clipboard Data

Key Takeaways An application named “Vibing.exe,” available on the Microsoft Store, was found to covertly harvest sensitive user data, including screenshots, audio, and clipboard contents....

Marcus Rodriguez
Marcus Rodriguez
April 27, 2026 3 Min Read
40 0

Key Takeaways

  • An application named “Vibing.exe,” available on the Microsoft Store, was found to covertly harvest sensitive user data, including screenshots, audio, and clipboard contents.
  • The app, marketed as an “AI-native world” interface by “Vibing-Team,” has been linked through OSINT investigations to Microsoft GenAI research labs in Beijing, despite being presented as an open-source community project.
  • The application bypasses typical user consent mechanisms, transmits data to a Microsoft-owned Azure endpoint, and tracks users via hardware GUIDs, raising significant privacy and security concerns.
  • Microsoft has not yet formally responded to the allegations, and individuals associated with the project have reportedly ignored or closed issues raised by the developer community.

Microsoft Store App “Vibing.exe” Covertly Harvests User Data

Cybersecurity researchers have issued urgent privacy and security warnings regarding a suspicious executable, “Vibing.exe,” discovered on the Microsoft Store. This application, masquerading as an interface to an “AI-native world,” has been found to surreptitiously collect sensitive user information without explicit consent.

Table Of Content

  • Key Takeaways
  • Microsoft Store App “Vibing.exe” Covertly Harvests User Data
  • Data Harvested by Vibing.exe
  • Links to Microsoft GenAI Research Uncovered
  • Significant Privacy and Security Implications
  • What You Should Do

Upon installation on a Windows system, Vibing automatically configures itself to launch at startup, according to researcher Kevin Beaumont. The application then aggressively monitors user activity, transmitting telemetry to a preconfigured Azure Front Door endpoint. It employs WebSockets for communication, a method known to circumvent certain proxy blocking configurations.

Data Harvested by Vibing.exe

The application covertly captures several categories of sensitive user data:

  • Base64-encoded screenshots of the user’s active desktop environment.
  • Raw audio recordings directly from the system microphone.
  • Contents of the clipboard, including copied text and files.
  • Specific keywords, active window titles, and names of running applications.

Each piece of transmitted data is tagged with a unique hardware GUID, enabling developers to track individual users and link collected data to specific machines over time. This extensive and invasive tracking mechanism is entirely absent from the application’s user interface and official documentation.

Links to Microsoft GenAI Research Uncovered

Despite being presented as an open-source, community-driven tool, open-source intelligence (OSINT) investigations have directly linked the Vibing application to Microsoft GenAI research labs located in Beijing. The official GitHub repository for Vibing, found at github.com/microsoft/VibeVoice, notably contains no actual source code, hosting only an 80MB binary file. This executable is digitally signed by Microsoft researcher Yaoyao Chang, with an SSL.com co-signer.

Key evidence pointing to Microsoft’s involvement in this alleged community project includes:

  • The Azure endpoint receiving the harvested data belongs to a Microsoft corporate-owned tenant.
  • Initial mentions of Vibing appeared directly on Microsoft’s official VibeVoice GitHub page.
  • Installation documentation features screenshots taken from authenticated Microsoft corporate devices.
  • The project utilizes the same logo as Microsoft’s official VibeVoice product.

Significant Privacy and Security Implications

By operating under the guise of a community initiative, the developers appear to have bypassed Microsoft’s stringent internal governance, privacy, and security review processes. According to Kevin Beaumont on DoublePulsar, the application exposes a substantial attack surface and operates with alarming opacity, as detailed in his analysis “Microsoft Vibing: Capturing Screenshots and Voice Samples Without Governance.”

Several critical privacy violations have been identified:

  • The Microsoft Store privacy policy for the app falsely claims that no data is sent to third parties.
  • Users receive no in-app prompts or consent requests before the transmission of audio and screen data commences.
  • There is no designated data controller, and transparency regarding data retention policies is entirely absent.
  • The tracking of keystrokes and screenshots via hardware GUIDs poses severe long-term surveillance risks.

Despite increasing pressure from the developer community and security researchers, Microsoft has yet to issue a formal response. Developers have tagged involved Microsoft employees on GitHub to highlight the covert data collection, but individuals associated with the project have reportedly either ignored these tags or abruptly closed the issues, leaving the security community without answers.

What You Should Do

  • Uninstall Immediately: If “Vibing.exe” is present on any system within your environment, uninstall it without delay.
  • Monitor for Indicators of Compromise (IoCs): Security teams should actively monitor their networks for the presence of vibing.exe, Vibing Installer.exe, and network traffic to vibing-api-ccegdhbrg2d6bsd7.b02.azurefd.net.
  • Review Microsoft Store Policies: Enterprises should review and reinforce policies regarding the installation of applications from the Microsoft Store, especially those lacking clear vendor attribution or privacy statements.
  • Educate Users: Inform users about the risks of installing unverified applications, even from official app stores, and emphasize the importance of scrutinizing privacy policies and requested permissions.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCybersecuritySecurityThreat

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Critical CODESYS Vulnerabilities Let Attackers Backdoor PLCs

Next Post

Microsoft Issues Group Policy to Disable Windows 11 Copilot on Enterprise Devices

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Alibaba Bans Internal Use of Claude AI Over Backdoor Concerns
July 3, 2026
Apache ActiveMQ Critical Vulnerabilities Allow DoS Attacks, System Crashes
July 3, 2026
Scammers Impersonate Brands in Gambling Ads to Drive Casino Traffic
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us