Adobe Creative Cloud add-on gives attackers an easy way to smuggle malware onto devices

Game author / Name / 2025-05-28 05:55

  Security researchers say that the Node.js executable that ships with Adobe Creative Cloud Experience can be used to spread malware and compromise target computers.

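  Cybersecurity researcher Michael Taggart recently published a proof-of-concept Javascript file that spawns the Windows Calculator app, demonstrating that he was able to run malicious scripts on the endpoint.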

  "I have confirmed that the node.exe packaged with the Adobe Customer Experience service can run any Javascript you point it to," Taggart said.


  False positives

  "So the attack chain may look like an installer or zip file that drops [a Javascript file], or even a macro that drops Javascript in a user-writable directory, then invokes Adobe's own node.exe for execution."

  Taking advantage of Node.js isn’t as easy as it sounds, though, as the attacker would still need access to the device through other means. That - or they would need to somehow persuade the victim to download and run the script.

  However, its availability makes mounting an attack, and hiding it, that much easier, the publication adds.

  "Because the Javascript is getting invoked by path in C:\Program Files, it would be extremely difficult to detect from a monitoring/threat hunting perspective," explained Taggart, who said that his custom file dropper ran and executed a C2 agent without so much as a warning from Windows Defender.
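
The following Python is an added example, not code from the article or from Taggart. It checks process-creation events for an Adobe-bundled node.exe whose script argument resolves outside Program Files or that receives inline code; the event field names, the matching rule for Adobe's node.exe and all sample paths are assumptions constructed for illustration.

```python
import ntpath
import shlex

# Directories that standard users cannot write to (assumption for this example).
PROTECTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")
# Node.js options that execute code given directly on the command line.
INLINE_FLAGS = {"-e", "--eval", "-p", "--print"}


def is_adobe_node(image):
    """Assumption: Adobe's bundled runtime is a node.exe under an Adobe folder in Program Files."""
    path = ntpath.normpath(image).lower()
    return (ntpath.basename(path) == "node.exe"
            and path.startswith(PROTECTED_ROOTS)
            and "\\adobe\\" in path)


def classify(event):
    """Return a reason string for a suspicious process-creation event, else None."""
    if not is_adobe_node(event["image"]):
        return None
    # posix=False keeps backslashes literal; quotes stay on tokens, so strip them.
    tokens = [t.strip('"') for t in shlex.split(event["command_line"], posix=False)]
    for arg in tokens[1:]:
        if arg in INLINE_FLAGS:
            return "inline code on command line"
        if arg.startswith("-"):
            continue
        # First positional argument is the script; resolve it against the working dir.
        script = ntpath.normpath(ntpath.join(event.get("cwd", ""), arg)).lower()
        if not script.startswith(PROTECTED_ROOTS):
            return "script outside protected directory: " + script
        return None
    return None


# Constructed sample events (paths and file names are invented for illustration).
NODE = "C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\node.exe"
EVENTS = [
    {"image": NODE, "command_line": f'"{NODE}" "C:\\Program Files\\Adobe\\app\\main.js"'},
    {"image": NODE, "command_line": f'"{NODE}" C:\\Users\\alice\\AppData\\Local\\Temp\\update.js'},
    {"image": NODE, "command_line": f'"{NODE}" "C:\\Program Files\\..\\Users\\Public\\a.js"'},
    {"image": NODE, "command_line": f'"{NODE}" -e "console.log(1)"'},
    {"image": "C:\\Program Files\\nodejs\\node.exe",
     "command_line": "node.exe C:\\Users\\alice\\dev\\server.js"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(classify(ev), "<-", ev["command_line"])
```

The same condition can be expressed as a rule over whatever process-creation telemetry is already collected, as long as the full command line and working directory are recorded.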


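  As a result, the researcher concluded, its number one use case would be running unsigned code without triggering alarms.

  Where there's smoke, there's bound to be fire. Adobe users have been warning about node.exe in the past: The Register found forum posts, some as old as December 2021, warning that cybersecurity and antivirus programs were flagging node.exe as a security risk.

  Cybersecurity researchers usually treat these warnings as false positives.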

  Via: The Register
