Home > Cyber News > Persistent Vulnerability in Facebook Messenger App for Windows
CYBER NEWS

Persistent Vulnerability in Facebook Messenger App for Windows

by   |  Last Update:  |  0 Comments  

A vulnerability in the Facebook Messenger application for Windows was just discovered by Reason Labs security researchers.

The vulnerability is present in Messenger version 460.16, and it could allow attackers to exploit the app to execute malicious files already present on the targeted system. This could then help malware obtain persistent or extended access to the victim’s system.

The good news is that Facebook has already fixed the bug with the release of an updated version of the application via the Microsoft store.




Facebook Messenger App Vulnerability

According to the researchers, the app executes code that shouldn’t be executed, which leads to a vulnerability allowing attackers to hijack a call for a resource within the Messenger code in order to run malware:

By testing the new “Messenger” desktop application, the researchers came across a strange call to load the Powershell.exe from the Python27 directory. Upon noticing that, they knew they found something since the location of “Python27” is in the “c:\python27” directory, which is a low-integrity location. This means that every malicious program can access the path without the need of admin privileges.

Related: [wplinkpreview url=”https://sensorstechforum.com/facebook-admits-access-data-61-companies/”] Facebook Admits It Gave Access to User Data to 61 Tech Companies

The researchers decided to create a reverse shell with msfvenom and a listener with Metasploit just as a POC (proof-of-concept). Once the reverse shell was created, it was transferred to the c:\python27 directory and its name was changed to Powershell.exe which enabled them to hijack the call.

We ran our listener on the attacker machine so it would be ready to get the reverse shell connection from the victim machine. Then we executed the “Messenger” application and got the reverse shell connection, the Reason Labs team says in the report.

What is worse is that the vulnerability is also described as a “persistent threat” that can give attacks undetected access for an extended period of time. Fortunately, it has now been fixed.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Facebook Virus – How to Remove It (for PCs and Smartphones) This article will help you remove all types of Facebook...
  2. Messenger Virus on Facebook (YouTube Video Spam) – How to Remove It What is the Messenger Virus? How does Messenger Virus on...
  3. Facebook Virus Posts Your Profile Picture With a Link Another Facebook virus has been released, unlike any other. This...
  4. Be Worried: Facebook Scraped SMS and Calls Data on Android Devices Facebook is once again at the center of attention, following...
  5. Landpage.co Facebook Virus – How to Remove It Update July 2019! What is Landpage.co? Is landpage.co a virus?...
  6. Facebook Messenger App and Chat Vulnerable to Simple HTML Exploits Image Source: https://blog.checkpoint.com Facebook is far from invincible. In fact,...
  7. Facebook Messenger Updated with End-to-End Encryption for Voice and Video Calls Facebook is rolling out optional end-to-end encryption for video and...
  8. Facebook Messenger, Instagram, WhatsApp to Become One Platform Facebook is planning to unify Facebook Messenger, Instagram and WhatsApp...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree