The problem seems to exist in the vulnerable context of Electron development (Electron Development framework).
The Electron development framework For the creation εφαρμογών chat είναι πολύ δημοφιλές framework μεταξύ των προγραμματιστών και υποστηρίζει πάρα πολλά projects. Το σύστημα του Electron is based on JavaScript and Node.js and is used to create Skype, WhatsApp, Slack applications as well as many other Internet communication tools.
However, according to the researcher Pavel Tsakalidis, the Electron development framework is a very serious threat to application security.
At BSides LV this week in Las Vegas, Tsakalidis presented the tool BEAM to decompress Electron ASAR files, the code embedded in the Electron JavaScript libraries, and the embedded Chrome browser extensions.
We should note that the vulnerability discovered by the researcher does not exist in the applications themselves, but in Electron development framework used to create them. However, with the help of vulnerability, an attacker can very easily hide his malicious activity in legitimate processes.
See Proof of Concept
To modify libraries and extensions, an attacker must first gain administrative privileges on systems running Linux or MacOS. In the case of Windows, as long as there is local access.
By making changes to libraries and extensions, an attacker can create new “functions” that can access the file system, enable webcam and extract sensitive data (such as passwords) from the system using the trusted apps feature.
In the video above, Tsakalidis presents a PoC in Microsoft Visual Studio with a backdoor that sends inbound users to a remote site.
According to the researcher, he informed Electron of the vulnerability, but received no response while the problem still exists.
________________________
- Google Chrome Advanced Protection Program
- How to clean your keyboard once and for all
- Windows 10: view the latest 10 copies on the clipboard
