Ein Freund, ein guter Freund...
♲ Manuel 'HonkHase' Atug - 2024-04-12 13:06:24 GMT
xz-Backdoor – eine AufarbeitungVon Kollegen aus dem Maschinenraum der @hisolutions 👌❤️
#Backdoor #SupplyChain #Malware #0day
https://research.hisolutions.com/2024/04/xz-backdoor-eine-aufarbeitung/
Even after Microsoft patched the #vulnerability last month, the company made no mention that the North Korean threat group #Lazarus had been using the vulnerability since at least August to install a stealthy #rootkit on vulnerable computers. The vulnerability provided an easy and stealthy means for #malware that had already gained administrative system rights to interact with the Windows #kernel. Lazarus used the vulnerability for just that. Even so, Microsoft has long said that such admin-to-kernel elevations don’t represent the crossing of a security boundary, a possible explanation for the time Microsoft took to fix the vulnerability.
#software #news #security #cybercrime #bug #exploit #0day #fail #economy #problem #politics #hack #Hackers #trust #risk
Source: https://nitter.eu/Laughing_Mantis/status/1512081814994575377
So what can you do with these and how can they be abused:
You can modify the JSON and JS files mentioned in order to:
- arbitrary download binaries
- ignore download checksums
- execute commands as SYSTEM
- C2 on the behalf of applications
- perform file I/O as SYSTEM
etc.
...
A good generic tool should scan the local appdata and program file folders for instances of NODE.JS or JSON files (Maybe not Microsoft Store instances) and then have templates for trojanizing each vendor's custom #NodeJS and #JSON.
#Microsoft #warning #danger #0day #software #news #Trojan #problem #hack #hacker #driver #install #fail #security
