TVulnerability in Facebook Messenger for Windows

Systems Affected

Threat Level

Overview

This vulnerability allows an attacker to execute malicious files already present on a compromised system.

Description

According to the researchers this vulnerability application triggers a call to load Windows Powershell from the location of "C:python27". This path automatically creates when installing python version 2.7 which does not commonly exist in most windows installations.

An attacker could hijack such calls to load potentially non-existence resources to covertly execute malware to gain persistence and extended access to the system.

Impact

  ✻  Possibility of exposing confidential information to unauthorized parties
  ✻  System could be infected with malware

Solution/ Workarounds

  ✻  Upgrade to the latest Facebook Messenger Desktop version 480.5
     https://www.microsoft.com/en-us/p/messenger/9wzdncrf0083?activetab=pivot:overviewtab

References

  ✻  https://www.cert-in.org.in
  ✻  https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/
  ✻  https://thehackernews.com/2020/06/facebook-malware-persistence.html

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.