Details of a flaw recently discovered in the Facebook Messenger application for Windows were disclosed Thursday by cybersecurity researchers at Reason Labs.

The flaw, which resides in Messenger version 460.16, could let hackers leverage the app to execute malicious files already present on a compromised system, helping malware gain persistent or extended access.

Reason Labs shared its findings with Facebook in April, after which the company swiftly fixed the flaw by releasing an updated version of Facebook Messenger for Windows through the Microsoft Store.

The researchers said the vulnerable app triggers a call to load Windows PowerShell from the C:\python27 path, a directory typically created when installing version 2.7 of Python.

Calls that try to load potentially non-existent resources can be hijacked by hackers to covertly execute malware.

To test whether the vulnerability could be exploited, the team created a reverse shell disguised as Powershell.exe and placed it in the Python directory. They then ran the Messenger app, which triggered the call and executed the reverse shell, demonstrating that cybercriminals could abuse the flaw for persistent attacks.
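Defenders can look for this pattern in process-creation telemetry. The following is an added example (not code from Reason Labs or Facebook) that flags powershell.exe started from any directory other than the stock Windows locations; the event records are constructed, their field names are modelled on Sysmon process-creation events, and the Messenger path and the C:\Windows install root are assumptions.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows. These are the stock
# locations of powershell.exe (64-bit and 32-bit).
TRUSTED_DIRS = {
    ntpath.normcase(r"C:\Windows\System32\WindowsPowerShell\v1.0"),
    ntpath.normcase(r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0"),
}
WATCHED_NAMES = {"powershell.exe"}


def canonical(path):
    """Lower-case, unify slashes and collapse '..' so lookalike paths compare equal."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def is_untrusted_powershell(image):
    """True when the image is named powershell.exe but sits outside the trusted dirs."""
    directory, name = ntpath.split(canonical(image))
    return name in WATCHED_NAMES and directory not in TRUSTED_DIRS


def find_hijacks(events):
    """Return (parent, image) pairs where powershell.exe ran from an unexpected directory."""
    return [
        (ev.get("ParentImage", "?"), ev["Image"])
        for ev in events
        if is_untrusted_powershell(ev.get("Image", ""))
    ]


# Constructed sample events (not taken from the original report).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ParentImage": r"C:\Example\Messenger.exe",  # placeholder parent path
     "Image": r"C:\python27\Powershell.exe"},
    {"ParentImage": r"C:\Example\Messenger.exe",  # same file, path disguised with '..'
     "Image": r"c:/windows/system32/WindowsPowerShell/v1.0/..\..\..\..\python27\powershell.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\python27\python.exe"},
]

if __name__ == "__main__":
    for parent, image in find_hijacks(SAMPLE_EVENTS):
        print(f"ALERT: {image} launched by {parent}")
```
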

Traditionally, hackers employing persistence mechanisms depend on registry keys, scheduled tasks, and services to maintain active access to a system. This specific type of vulnerability is considered more complex to exploit.

Hackers need to observe whether an app is making an unwanted call, or dig deep into an app’s binary code to find a function that makes such a call.

The flaw has been fixed in version 480.5, which is the latest release that Reason tested. Users who are running the vulnerable version should update to the latest release.

While there is no indication that the flaw was abused before Reason’s discovery, such vulnerabilities are highly risky.
