Attackers are abusing the Electron framework, which builds cross-platform desktop applications from web technologies (HTML, JavaScript, and CSS), to package malware.
Because Electron is flexible and widely adopted, the same malicious program can be built for several operating systems with little extra effort.
Cybersecurity researchers at ASEC recently discovered that threat actors have been using the Electron framework to build infostealer malware that harvests sensitive data from infected systems.
Electron apps are commonly distributed with Nullsoft Scriptable Install System (NSIS) installers, and the threat actor used that same installation format in this attack, packaging the malware as an NSIS installer that deploys an Electron app.
Researchers identified two cases:
In the first case, running the malware installs an Electron app with its usual folder structure and then executes it.
Electron relies on Node.js for OS interaction, so the malicious behavior lives in the Node.js script inside the .asar archive (typically resources\app.asar under the install folder). Unpacking it with the npm asar package exposes the full code; the malicious logic is defined in a.js.
The second strain poses as TeamViewer and exfiltrates user data (system information, browser histories, credentials) to the gofile file-sharing service.
While NSIS scripts often launch the malware directly from the installer, these strains bury the malicious logic inside Electron's app structure, making it harder for users and security tools to spot.
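To show what getting past that structure looks like in practice, here is an added example, not code from the ASEC report or from the malware itself: a Node.js script that parses an app.asar archive without the asar tool, lists its files, reads one, and flags Node.js API usage typical of an infostealer. The archive is constructed in memory, and its file names, the contents of a.js, and the indicator list are illustrative assumptions rather than artefacts from the campaign.

```javascript
'use strict';
// asar layout: an 8-byte "size pickle" (uint32 4, then the byte length of the
// header pickle), the header pickle (uint32 payload length, uint32 JSON length,
// JSON, padded to 4 bytes), then raw file data. File offsets in the JSON header
// are relative to the end of the header pickle.
function align4(n) { return (n + 3) & ~3; }

// Build an asar archive from { "path/in/archive": content }. Constructed sample
// data only; used here so the example runs offline.
function buildAsar(files) {
  const header = { files: {} };
  const chunks = [];
  let offset = 0;
  for (const [name, content] of Object.entries(files)) {
    const data = Buffer.from(content);
    const parts = name.split('/');
    let node = header.files;
    for (const dir of parts.slice(0, -1)) {
      node[dir] = node[dir] || { files: {} };
      node = node[dir].files;
    }
    node[parts[parts.length - 1]] = { size: data.length, offset: String(offset) };
    chunks.push(data);
    offset += data.length;
  }
  const json = Buffer.from(JSON.stringify(header), 'utf8');
  const strPayload = align4(4 + json.length);       // length field + string, padded
  const headerPickle = Buffer.alloc(4 + strPayload);
  headerPickle.writeUInt32LE(strPayload, 0);
  headerPickle.writeUInt32LE(json.length, 4);
  json.copy(headerPickle, 8);
  const sizePickle = Buffer.alloc(8);
  sizePickle.writeUInt32LE(4, 0);                   // payload length of the size pickle
  sizePickle.writeUInt32LE(headerPickle.length, 4); // byte length of the header pickle
  return Buffer.concat([sizePickle, headerPickle, ...chunks]);
}

// Parse the header and compute where file data begins.
function parseAsar(buf) {
  const headerLen = buf.readUInt32LE(4);
  const jsonLen = buf.readUInt32LE(12);
  const header = JSON.parse(buf.subarray(16, 16 + jsonLen).toString('utf8'));
  return { header, dataBase: 8 + headerLen };
}

// Flatten the nested header into "dir/file" paths.
function listFiles(node, prefix = '') {
  const out = [];
  for (const [name, entry] of Object.entries(node.files)) {
    if (entry.files) out.push(...listFiles(entry, prefix + name + '/'));
    else out.push(prefix + name);
  }
  return out;
}

// Return the bytes of one file by walking the header to its offset/size.
function readFile(buf, parsed, path) {
  let entry = { files: parsed.header.files };
  for (const part of path.split('/')) entry = entry.files[part];
  const start = parsed.dataBase + Number(entry.offset);
  return buf.subarray(start, start + entry.size);
}

// Assumed triage indicators: Node.js APIs and strings an analyst would expect
// in a stealer (process execution, browser credential stores, host fingerprinting,
// upload to a file-sharing service).
const INDICATORS = [
  ['child_process', /require\(["']child_process["']\)/],
  ['browser credential store', /Login Data|logins\.json|Local State/],
  ['system fingerprinting', /os\.(userInfo|hostname|networkInterfaces)\(/],
  ['upload to file-sharing service', /gofile/i],
];

// Scan every .js file in the archive and report which indicators each one hits.
function scanAsar(buf) {
  const parsed = parseAsar(buf);
  const findings = [];
  for (const path of listFiles(parsed.header)) {
    if (!path.endsWith('.js')) continue;
    const src = readFile(buf, parsed, path).toString('utf8');
    for (const [label, re] of INDICATORS) {
      if (re.test(src)) findings.push({ path, label });
    }
  }
  return findings;
}

// Constructed sample: a benign-looking entry point that hands off to a.js,
// which harvests host data and a browser credential database.
const SAMPLE = buildAsar({
  'package.json': '{"name":"sample","main":"main.js"}',
  'main.js': "const { app } = require('electron'); app.whenReady().then(() => require('./a.js'));",
  'a.js': [
    "const os = require('os'); const { execSync } = require('child_process');",
    "const info = { user: os.userInfo().username, host: os.hostname() };",
    "const db = require('path').join(process.env.LOCALAPPDATA, 'Google/Chrome/User Data/Default/Login Data');",
    "// upload(info, db, 'gofile'); // exfiltration stub (constructed, not real code)",
  ].join('\n'),
});

for (const f of scanAsar(SAMPLE)) console.log(`${f.path}: ${f.label}`);
```

On a real sample, replace SAMPLE with the bytes of resources\app.asar read from disk; the header parser and scanner are unchanged. The indicator list is deliberately coarse: it is meant to point an analyst at the right script quickly, not to serve as a detection signature.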
To stay safe, security analysts urge users to obtain games and utilities only from official websites.