Hello, welcome to the Monday, July 27th, 2020 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

So a lot of modern desktop applications are actually using technologies that are typically more associated with web applications like,

for example, JavaScript.

Now, from a security point of view, this is not necessarily versed and sort of the existing

compiled applications, but does make it a little bit easier for NetHacker to modify the code after it has been downloaded

to the user's system.

We've got the interesting example here from Xavier who looked at a recent piece of malware

that abuses the Discord client.

Now Discord, of course, the online chat software that's quite popular these days.

And in this case, the ad hacker did inject additional JavaScript into the code after Discord

client to then exfiltrate user data.

And well, interestingly and probably even conveniently here with Discord, it used

Discord itself to exfiltrate the data. So the reason this is easier is that the attacker

does not have to recompile the application. They can just swap individual files that make up

the code for the application on the user's system.

This is not a vulnerability necessarily in the application other than the fact that it tends to be

quite difficult for these applications to ensure the integrity of the application as it is

put together from numerous different libraries and individual files that are then loaded

at runtime. As a user, there isn't really a lot you can do beyond, well, make sure where you

download extensions and such for this software from. And of course, Xavier has a walkthrough

how he analyzed this particular piece of malware.

...