Researchers have disclosed a severe vulnerability in Facebook Messenger for Windows that lets attackers hijack a call the application makes and use it to run malware; because the malicious code runs under a trusted application, it also helps the attacker remain undetected.
This vulnerability was found in Facebook Messenger version 460.16; it has since been fixed by the social media giant in the updated version 480.5 after Reason Labs reported the issue.
The flaw lies in a call the app makes to an executable by an insecure path: an attacker who can place a file at that path gets their code executed by the application, and once they control the app they can install malware and operate it from there.
During the investigation, the security researchers found that the app made a call to load Powershell.exe from the Python27 directory, a directory that is created when Python 2.7 is installed.
To demonstrate the bug, the researchers generated a reverse shell with msfvenom and set up a listener with Metasploit; they then renamed the reverse shell to Powershell.exe and placed it in the Python directory (c:\python27).
Around the time of this disclosure, Facebook reported a 70% rise in time spent on its apps and a 50% surge in messaging app usage.
Operational Usage of Persistence
Persistence is the most important step in this kind of attack, since an attacker has to make sure that the connection to the remote workstation is not lost. The persistence methods used on Windows are all quite similar; they are recognised as registry keys, auto-start services, scheduled tasks and several more.
It is relatively easy for forensic and cybersecurity researchers to find malicious actors that rely on these persistence methods, because the methods only have to satisfy the three needs listed below:
- Malware needs to communicate.
- Malware needs to run.
- Malware needs to stay hidden.
The second stage of this vulnerability is more complicated than the first. Here the attacker tries to obtain a binary that makes an unwanted call to a method or a DLL, which allows the threat actor to hijack that call and run a malicious file.
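The two signals a defender would look for here, the application loading Powershell.exe from a non-system directory described above and the persistence artefacts listed under "Operational Usage of Persistence", can be checked offline against process-start and autorun records. The following is an added example and is not code from the article or from Reason Labs; the sample events, the entry names, the Messenger parent path and the list of user-writable directories are all constructed assumptions for illustration.

```python
r"""
Added example (not from the article or from Reason Labs): an offline detector
for two defender-side signals.

  1. A process starting powershell.exe from a directory that is not one of the
     Windows PowerShell locations (the Messenger case: Powershell.exe loaded
     from C:\python27, a directory created by the Python 2.7 installer).
  2. Persistence entries (Run keys, scheduled tasks, services) whose image
     lives in a user-writable location, or whose unquoted path contains spaces.

All sample records below are constructed; the writable-directory list is an
assumption, not an inventory of a real host.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Iterable, List, Tuple

# Directories where powershell.exe legitimately lives on Windows.
TRUSTED_POWERSHELL_DIRS = {
    "c:\\windows\\system32\\windowspowershell\\v1.0",
    "c:\\windows\\syswow64\\windowspowershell\\v1.0",
}

# Prefixes a standard user can normally write to (assumed, partial list).
USER_WRITABLE_PREFIXES = (
    "c:\\python27\\",      # Python 2.7 installer default, writable by users
    "c:\\users\\",
    "c:\\temp\\",
    "c:\\programdata\\",
)


def _norm(path: str) -> str:
    """Lower-case a Windows path and normalise separators for comparison."""
    return str(PureWindowsPath(path)).lower()


def is_user_writable(path: str) -> bool:
    """True if the path sits under a directory standard users can write to."""
    p = _norm(path)
    return any(p.startswith(prefix) for prefix in USER_WRITABLE_PREFIXES)


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def flag_untrusted_powershell(events: Iterable[ProcessEvent]) -> List[ProcessEvent]:
    """Return events where powershell.exe ran from outside the trusted directories."""
    hits = []
    for ev in events:
        image = PureWindowsPath(ev.image)
        if image.name.lower() != "powershell.exe":
            continue
        if _norm(str(image.parent)) not in TRUSTED_POWERSHELL_DIRS:
            hits.append(ev)
    return hits


@dataclass
class AutorunEntry:
    source: str   # where the entry was found: Run key, scheduled task, service
    name: str
    command: str


def command_image(command: str) -> str:
    """Executable part of a command line: the quoted segment, else the first token."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def audit_autoruns(entries: Iterable[AutorunEntry]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) for persistence entries that deserve a closer look."""
    findings = []
    for e in entries:
        cmd = e.command.strip()
        img = command_image(cmd)
        if is_user_writable(img):
            findings.append((e.name, "image in user-writable location"))
        elif " " in cmd and not cmd.startswith('"') and not img.lower().endswith(".exe"):
            # An unquoted C:\Program Files\x.exe is parsed as C:\Program plus arguments,
            # which is what makes unquoted service paths hijackable.
            findings.append((e.name, "unquoted path containing spaces"))
    return findings


# Constructed sample telemetry; the Messenger parent path is a placeholder.
SAMPLE_EVENTS = [
    ProcessEvent(parent_image="C:\\Program Files\\Messenger\\Messenger.exe",
                 image="C:\\python27\\Powershell.exe",
                 command_line="C:\\python27\\Powershell.exe"),
    ProcessEvent(parent_image="C:\\Windows\\explorer.exe",
                 image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 command_line="powershell.exe -NoProfile"),
]

SAMPLE_AUTORUNS = [
    AutorunEntry("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Updater",
                 "C:\\Users\\alice\\AppData\\Roaming\\updater.exe"),
    AutorunEntry("ScheduledTask", "PyHelper", "C:\\python27\\Powershell.exe"),
    AutorunEntry("Service", "VendorSvc", "C:\\Program Files\\Vendor\\svc.exe"),
    AutorunEntry("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Notepad",
                 "C:\\Windows\\System32\\notepad.exe"),
]

if __name__ == "__main__":
    for ev in flag_untrusted_powershell(SAMPLE_EVENTS):
        print(f"[powershell from untrusted dir] {ev.parent_image} -> {ev.image}")
    for name, reason in audit_autoruns(SAMPLE_AUTORUNS):
        print(f"[persistence] {name}: {reason}")
```

Run as-is it reports the Messenger-style event (Powershell.exe under C:\python27) and three of the four autorun entries; the System32 entries pass. On a real host the records would come from process-creation telemetry and an autorun enumeration tool, and the writable-prefix list should be replaced by an actual ACL check.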
In this type of event, threat actors use several persistence methods to perform targeted attacks on financial institutions, government offices and many other organizations.
Facebook Messenger currently has 1.3 billion monthly active users, many of whom also access the service from Windows-based machines alongside their other devices.
This situation is all the more dangerous because messaging apps are being used in many ways during the COVID-19 pandemic.
Due to the lockdown, many people are working from home, which is one of the key reasons they need to use these messaging apps and video conferencing tools.
Facebook and its Messenger app are among the most popular messaging apps in the world, with billions of users worldwide, so a vulnerability of this kind is highly risky and may harm a large number of users.
Reason Labs also clarified that it focuses on collecting raw data and stays active so that it can observe every move threat actors make on the internet.