Researchers have discovered a new vulnerability in Facebook Messanger that could allow hackers to hijack a call for a resource within the Messenger code to run their malware.
The vulnerability resides in the version 460.16 that was available in Microsoft Store. Cybersecurity researchers at Reason lab reported it to Facebook and the tech giant immediately released a patch and the vulnerability has been fixed with version 480.5.
Messenger To Gain Persistent Access
Researchers said that they found a problem in the Facebook Messenger App, that the app executes code that shouldn’t be executed, that let the rise of a vulnerability allowing an attacker to hijack a call for a resource within the Messenger code.
The researchers found that the Messenger app gives a strange call to Powershell.exe from Python27 directory, which is located in “c:\python27” means that the malicious program can access the path without any admin privileges.
To test the vulnerability researchers started a Listener in Metasploit and created a reverse shell with msfvenom and renamed the listener to Powershell.exe and transferred it to c:\python27 in order to hijack the call.
After running the Listener on the attackers machine the researchers and executed the “Messenger” app got the reverse shell of the victim’s machine.
In this Covid-19 situation, there is been a 50% increase in the Messenger and threat attackers can exploit this vulnerability to gain malicious access to the victim’s machine.