Backdooring an AWS utility
2024-07-15 22:54:59.416602+02 by Dan Lyke
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice
Files available on the open source NPM repository underscore a growing sophistication.
The files included a piece of JavaScript code that nominally calculated an average brightness for a .JPG file, but actually extracted code embedded in the JPEG and ran it. One of the included JPEGs (interestingly, not the one that the JPEG loading code reported as corrupt) carried code to hit a C&C HTTP server for further instructions...