Infostiller made and distributed with Electron

  • AhnLab Security Intelligence Center (ASEC) has discovered a type of infostealer created with Electron. Electron is a framework that allows the development of apps using JavaScript, HTML, and CSS. Discord, Microsoft VSCo, and de are representative applications built with Electron. Apps developed with Electron are packaged and mainly distributed in the form of NSIS (Nullsoft Scriptable Install System) installers, which attackers have applied to malicious code. [1]
  • Case #1: When the malware is executed, an Electron application with the following folder structure is installed and run. Since Electron interacts with the OS using node.js, the actual malicious behavior is defined in a node.js script, which is packaged in an .asar file (usually in the appresources path…)

The post Electron으로 제작되어 유포되는 인포스틸러 appeared first on ASEC BLOG.

https://asec.ahnlab.com/ko/64285/

No tags for this post.