The problem seems to exist in the vulnerable context of Electron development (Electron development framework).
The Electron development framework creating chat applications is a very popular framework among developers and supports many projects. Its system Electron is based on JavaScript and Node.js and is used to create Skype, WhatsApp, Slack applications as well as many other Internet communication tools.
However, according to the researcher Pavel Tsakalidis, the Electron development framework is a very serious threat to application security.
At BSides LV this week at Las Vegas, Tsakalidis presented the tool BEAM for decompression files Electron ASAR, the embedded code in Electron JavaScript libraries and embedded Chrome browser extensions.
We should note that the vulnerability discovered by the researcher does not exist in the applications themselves, but in Electron development framework used to create them. However, with the help of vulnerability, an attacker can very easily hide his malicious activity in legitimate processes.
See Proof of Concept
To modify libraries and extensions, the attacker must first obtain administrator privileges on Linux or MacOS systems. In the case of Windows, local access is sufficient.
By making changes to libraries and extensions, an attacker can create new "functions" that can access the file system, activate the webcam, and extract sensitive data (such as passwords) from the system using the function. reliable applications.
In the video above, Tsakalidis presents a PoC in Microsoft Visual Studio with backdoor cuts which sends user input to a remote site.
According to the researcher, he informed Electron of the vulnerability, but received no response while the problem still exists.
________________________
- Google Chrome Advanced Protection Program
- How to clean your keyboard once and for all
- Windows 10: view the latest 10 copies on the clipboard
