SoylentNews is people

posted by hubie on Monday April 11 2022, @01:19AM
from the the-kingdoms-of-experience dept.

Bundled version of Node.js simplifies executing downloaded code

Adobe Creative Cloud Experience, a service installed via the Creative Cloud installer for Windows, includes a Node.js executable that can be abused to infect and compromise a victim's PC.

Michael Taggart, a security researcher, recently demonstrated that the node.exe instance accompanying Adobe's service could be exploited by writing a simple proof-of-concept JavaScript file that spawns the Windows Calculator app.

"I have confirmed that the node.exe packaged with the Adobe Customer Experience service can run any JavaScript you point it to," he explained to The Register.

[. . .] Security researchers commenting on Taggart's finding said they'd been under the impression the bundled Node runtime would only execute files signed by Adobe, but evidently that's not the case.

[. . .] "Because the JavaScript is getting invoked by path in C:\Program Files, it would be extremely difficult to detect from a monitoring/threat hunting perspective," explained Taggart, who added that he was able to get his own custom file dropper to run and execute a command-and-control agent without any warning from Windows Defender.
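One check a defender could run over process-creation telemetry for the situation described above, as an added example that is not from the article or from Taggart: flag launches of the bundled node.exe whose script argument resolves outside its own install directory. The install path is a placeholder (the story does not give it), and the event fields `image`, `command_line` and `cwd` plus the sample file names are assumptions.

```python
import ntpath
import re

# Assumption: placeholder path; the page does not give the real install location.
BUNDLED_NODE = r"C:\Program Files\<ADOBE_SERVICE_DIR>\node.exe"
TRUSTED_ROOT = ntpath.dirname(BUNDLED_NODE)
INLINE_FLAGS = {"-e", "--eval", "-p", "--print"}  # Node.js options that take code inline

def norm(path):
    """Case-fold and collapse '..' so comparisons follow Windows path semantics."""
    return ntpath.normcase(ntpath.normpath(path))

def split_args(command_line):
    """Split on whitespace, keeping double-quoted runs together (quotes removed)."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]

def triage(event):
    """Return a review reason for a process-creation event, or None if unremarkable."""
    if norm(event["image"]) != norm(BUNDLED_NODE):
        return None  # some other node.exe; out of scope for this check
    for arg in split_args(event["command_line"])[1:]:
        if arg in INLINE_FLAGS:
            return "inline code passed on the command line"
        if arg.startswith("-"):
            continue  # other option; keep looking for the script argument
        script = arg if ntpath.isabs(arg) else ntpath.join(event["cwd"], arg)
        if not norm(script).startswith(norm(TRUSTED_ROOT) + "\\"):
            return "script outside install directory: " + ntpath.normpath(script)
        return None
    return "no script argument (code would come from stdin or the REPL)"

# Constructed sample events (not real telemetry); file names are made up.
Q = '"' + BUNDLED_NODE + '"'
EVENTS = [
    {"image": BUNDLED_NODE, "cwd": TRUSTED_ROOT,
     "command_line": Q + ' "' + TRUSTED_ROOT + r'\js\main.js"'},
    {"image": BUNDLED_NODE, "cwd": r"C:\Users\Public",
     "command_line": Q + r" C:\Users\Public\poc.js"},
    {"image": BUNDLED_NODE, "cwd": TRUSTED_ROOT,
     "command_line": Q + ' -e "console.log(1)"'},
    {"image": r"C:\Program Files\nodejs\node.exe", "cwd": r"C:\Users\Public",
     "command_line": r'"C:\Program Files\nodejs\node.exe" C:\Users\Public\poc.js'},
    {"image": BUNDLED_NODE, "cwd": TRUSTED_ROOT,
     "command_line": Q + r" ..\..\Users\Public\poc.js"},  # relative path escaping the root
]

if __name__ == "__main__":
    for e in EVENTS:
        print(triage(e), "<-", e["command_line"])
```

The check assumes the image path is quoted in the logged command line, and it does not cover a script that was modified in place inside the install directory.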

  • (Score: 3, Informative) by Anonymous Coward on Monday April 11 2022, @04:41AM

    Story about the "Russian Hacker" (actually, computer science grad student) who Broke Adobe's e-book encryption! (OK, it was just ROT-13), and who Adobe had the FBI arrest, because, reasons.
    https://www.wired.com/2001/07/russian-adobe-hacker-busted/ [wired.com]
    But, Wired has always been a bit tired, and something of a Gavin McInnes hipster sort of rag. Better coverage.
    https://www.eff.org/cases/us-v-elcomsoft-sklyarov [eff.org]

    Anyone who uses any Adobe software deserves the horrific and depraved fate they suffer. They are not a software company, they are an imaginary property rent-seeker. They need to cease to exist.

    And what kind of idiots would be using an operating system based on storage devices? Oh, them.

    [. . .] "Because the JavaScript is getting invoked by path in C:\Program Files, it would be extremely difficult to detect from a monitoring/threat hunting perspective," explained Taggart, who added that he was able to get his own custom file dropper to run and execute a command-and-control agent without any warning from Windows Defender.

    All by himself he did that! Must be so proud, like hitting the cheerios in the potty, OMG! A Windows vulnerability!! Say it ain't so, jan, say it ain't so!

    Starting Score:    0  points
    Moderation   +3  
       Flamebait=1, Interesting=1, Informative=2, Touché=1, Total=5
    Extra 'Informative' Modifier   0  

    Total Score:   3