A newly discovered bug in the Facebook Messenger app for Windows allows attackers to hijack a call that the Messenger code makes for a resource and use it to run malware.
The bug was discovered by Reason Labs researchers using the Facebook Messenger app, version 460.16, and has now been fixed in version 480.5.
Facebook Messenger app used for persistence
The researchers observed that the Messenger app made a strange call to Powershell.exe from the Python27 directory. This directory can be accessed without administrator rights.
Having observed this, the researchers decided to build a reverse shell with msfvenom and a listener with Metasploit. They created a new payload and renamed it Powershell.exe to hijack the Messenger app's call.
Then the researchers ran the Messenger application on the machine and received the reverse shell connection.
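For defenders, the behaviour described above can be detected in process-creation logs. The following is an added example, not code from Reason Labs or Facebook: it flags a Powershell.exe started by Messenger from anywhere other than the genuine Windows PowerShell directories. The field names follow Sysmon process-creation events; the default C:\Windows install location, the Messenger path and all sample events are assumptions constructed for illustration.

```python
import ntpath

# Directories where the genuine Windows PowerShell binary lives
# (assumes Windows is installed in C:\Windows).
TRUSTED_DIRS = {
    r"c:\windows\system32\windowspowershell\v1.0",
    r"c:\windows\syswow64\windowspowershell\v1.0",
}
# Names of system binaries worth checking (extend as needed).
WATCHED_NAMES = {"powershell.exe"}


def normalize(path):
    """Lower-case, strip quotes and collapse '..' so comparisons are reliable."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def is_planted(image):
    """True if a watched binary name is running from an untrusted directory."""
    directory, name = ntpath.split(normalize(image))
    return name in WATCHED_NAMES and directory not in TRUSTED_DIRS


def find_hijacks(events, parent_name="messenger.exe"):
    """Return events where parent_name spawned a planted look-alike binary."""
    hits = []
    for ev in events:
        parent = ntpath.basename(normalize(ev.get("ParentImage", "")))
        if parent == parent_name and is_planted(ev.get("Image", "")):
            hits.append(ev)
    return hits


# Constructed sample events (not taken from the original report).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Apps\Messenger\Messenger.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ParentImage": r"C:\Apps\Messenger\Messenger.exe",
     "Image": r"C:\python27\Powershell.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\test\Downloads\notes.exe"},
    {"ParentImage": r"C:\Apps\Messenger\Messenger.exe",
     "Image": r"C:\Windows\System32\..\Temp\POWERSHELL.EXE"},
]

if __name__ == "__main__":
    for hit in find_hijacks(SAMPLE_EVENTS):
        print("suspicious:", hit["ParentImage"], "->", hit["Image"])
```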
In a malware infection chain, persistence is especially important. An attacker must ensure that he does not lose the connection to the target computer.
With persistence on the system, a malware author can also use the affected system to exploit other systems on the local network or at a remote site.
The complexity of the persistence method is determined by the attackers based on the permissions of the target computer.
Because of the COVID-19 situation, people are spending more time online than ever before. The use of mobile and desktop chat applications has increased by at least 40%. Facebook alone saw a 70% increase in time and a 50% increase in Messenger.
With the coronavirus pandemic, many companies around the world have asked employees to work from home, which has increased the use of video conferencing apps and other social media apps.