SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Adobe Creative Cloud Experience Makes It Easier to Run Malware
Date    Monday April 11 2022, @01:19AM
Author    hubie
from the the-kingdoms-of-experience dept.
https://soylentnews.org/article.pl?sid=22/04/10/1459246

An Anonymous Coward writes:

Bundled version of Node.js simplifies executing downloaded code

Adobe Creative Cloud Experience, a service installed via the Creative Cloud installer for Windows, includes a Node.js executable that can be abused to infect and compromise a victim's PC.

Michael Taggart, a security researcher, recently demonstrated that the node.exe instance accompanying Adobe's service could be exploited by writing a simple proof-of-concept JavaScript file that spawns the Windows Calculator app.

"I have confirmed that the node.exe packaged with the Adobe Customer Experience service can run any JavaScript you point it to," he explained to The Register.

[. . .] Security researchers commenting on Taggart's finding said they'd been under the impression the bundled Node runtime would only execute files signed by Adobe, but evidently that's not the case.

[. . .] "Because the JavaScript is getting invoked by path in C:\Program Files, it would be extremely difficult to detect from a monitoring/threat hunting perspective," explained Taggart, who added that he was able to get his own custom file dropper to run and execute a command-and-control agent without any warning from Windows Defender.


Original Submission
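
For the monitoring problem Taggart describes, one heuristic is to alert when the bundled node.exe runs a script that resolves outside its own install folder, or takes code straight from the command line. The sketch below is an added example, not part of the article or The Register's report; the install folder is a placeholder, and the process-creation events (shaped like Sysmon Event ID 1 fields) and file names are constructed.

```python
import ntpath
import re

# Assumption: placeholder for the folder holding the bundled node.exe; the
# article only says it is invoked by path under C:\Program Files.
VENDOR_DIR = r"C:\Program Files\<vendor-install-dir>"
INLINE_FLAGS = {"-e", "--eval", "-p", "--print"}  # Node.js options that run code from argv

def norm(path, cwd=""):
    """Resolve a Windows path against cwd, collapse '..', and fold case."""
    return ntpath.normcase(ntpath.normpath(ntpath.join(cwd, path)))

def inside(path, root):
    return path == root or path.startswith(root + "\\")

def classify(event):
    """Return None (not the bundled runtime), 'ok', or an alert string."""
    root = norm(VENDOR_DIR)
    if norm(event["image"]) != norm(ntpath.join(VENDOR_DIR, "node.exe")):
        return None
    # Split the command line, honouring double quotes; drop argv[0].
    args = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', event["cmdline"])][1:]
    for arg in args:
        if arg in INLINE_FLAGS:
            return "alert: inline code"
        if not arg.startswith("-"):
            # First non-option argument is the script (a -r/--require value
            # lands here too, which is fine: it is also loaded code).
            target = norm(arg, event["cwd"])
            return "ok" if inside(target, root) else "alert: script outside vendor dir: " + target
    return "alert: no script argument"

NODE = ntpath.join(VENDOR_DIR, "node.exe")
# Constructed sample events: image path, working directory, command line.
EVENTS = [
    {"image": NODE, "cwd": VENDOR_DIR, "cmdline": f'"{NODE}" "{VENDOR_DIR}\\js\\main.js"'},
    {"image": NODE, "cwd": r"C:\Users\alice", "cmdline": f'"{NODE}" C:\\Users\\alice\\Downloads\\poc.js'},
    {"image": NODE, "cwd": VENDOR_DIR, "cmdline": f'"{NODE}" ..\\..\\Users\\Public\\x.js'},
    {"image": NODE, "cwd": VENDOR_DIR, "cmdline": f'"{NODE}" -e "console.log(1)"'},
    {"image": r"C:\Program Files\nodejs\node.exe", "cwd": "C:\\", "cmdline": "node.exe app.js"},
]

def run():
    return [classify(e) for e in EVENTS]

if __name__ == "__main__":
    for e, verdict in zip(EVENTS, run()):
        print(verdict, "<-", e["cmdline"])
```

The rule keys on the script path rather than the parent image, since the image itself sits in a trusted location; the third event shows why relative paths have to be resolved against the working directory before the comparison.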

Links

  1. "Bundled version of Node.js simplifies executing downloaded code" - https://www.theregister.com/2022/04/07/adobe_cloud_malware/
  2. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=54750
