Friday, June 23, 2017
Critical Bug in Popular Antivirus Hackers can Steal all Your Passwords
![bug-antivirus-hackers-steal-passwords- picateshackz.com](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxB5wHYvu7p9-WiZ-PdMSe6pEyAe26uJa7S_mjTRx0RwdCVjQNVOS0q1ql2J1dCAVN9FCuegy-LCuvIa3ybs8K0JKJ9cFIQbJdY7KopfUOliCkArFp9NPd_Z0kyV6Hy4W7EIOncxagJwUP/s640/bug-antivirus-hackers-steal-passwords-picateshackz.jpg)
Your computer can be remotely hijacked or infected with any malware, even through a website, thanks to a critical vulnerability in Trend Micro security software.
The popular antivirus maker and security firm Trend Micro has released an emergency patch to fix critical flaws in its antivirus product that allow hackers to execute arbitrary commands remotely, as well as steal your saved passwords from the Password Manager built into its antivirus program.
The password management tool that comes bundled with its main antivirus is used to store passwords by users and works exactly like any other password manager application.
Even Websites Can Hack Into Your Computer
Google's Project Zero security researcher, Tavis Ormandy, discovered the remote code execution flaw in the Password Manager component of Trend Micro Antivirus, which allows hackers to steal users' passwords. In short, once compromised, all your accounts' passwords are gone.
Technically, the Password Manager component within the antivirus suite works by starting a Node.js server on the local computer, by default, every time the main antivirus starts.
![bug-antivirus-hackers-steal-passwords- picateshackz.com](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-Woygp9OT-EIZ6-6UUxVJbhoPvk0LqkzREaJuNy7vYy6r0ArP7I-GdF6JKXyRqjcoHZF_A7LscRdVYfyJgzmptCQHN3QwitUS2sQhWc2Nk5ZnfTcu7etidicx8WiKfJXRI3RG2BrvkeU7/s640/bug-antivirus-hackers-steal-passwords-picateshackz+1.png)
When analyzing the Password Manager component, Ormandy found that the Node.js server leaves a number of HTTP RPC ports used for handling API requests open to the world.
Because the API is available at "http://localhost:49155/api/", hackers could craft malicious links that, when clicked by a user with Trend Micro antivirus installed, would allow them to execute arbitrary code on the local computer with zero user interaction.
In short, an attacker could easily download malicious code remotely and execute it on your machine, even without your knowledge.
Besides this, Ormandy also found that the Trend Micro Password Manager exposes over 70 APIs through this same Node.js server.
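The root problem described above is a loopback HTTP API that acts on any request that reaches it, including ones a web page causes the browser to send. As an added example (not Trend Micro's code or its patch), this Node.js request gate shows checks a local service can apply before dispatching a call; the `x-local-token` header, the secret and all function names are assumptions, and only the port comes from the article.

```javascript
// Added example, not vendor code. Header name and secret handling are assumptions.
const ALLOWED_HOSTS = new Set(['127.0.0.1:49155', 'localhost:49155']);

// Constant-time comparison so the token check does not leak matching prefixes.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// headers: lower-cased map, as Node's http module exposes in req.headers.
function checkLocalRequest(method, headers, secret) {
  // Host must be a loopback name this service answers to (stops DNS rebinding).
  if (!ALLOWED_HOSTS.has(headers.host)) return { status: 403, reason: 'bad-host' };
  // Script-driven cross-site requests carry Origin; this API has no web front end.
  if (headers.origin !== undefined) return { status: 403, reason: 'browser-origin' };
  // Link clicks and image loads arrive as GET without Origin, so never act on GET.
  if (method !== 'POST') return { status: 405, reason: 'method-not-allowed' };
  // Per-install secret that only the local client can read; a web page cannot.
  if (!safeEqual(headers['x-local-token'], secret)) return { status: 401, reason: 'bad-token' };
  return { status: 200, reason: 'ok' };
}

// Pass to http.createServer(...) and listen on 127.0.0.1 only, never 0.0.0.0.
function makeHandler(secret, dispatch) {
  return (req, res) => {
    const verdict = checkLocalRequest(req.method, req.headers, secret);
    res.statusCode = verdict.status;
    res.end(verdict.status === 200 ? dispatch(req) : verdict.reason);
  };
}

// Constructed sample requests (not captured traffic).
const SECRET = 'constructed-demo-secret';
const SAMPLES = [
  ['GET', { host: 'localhost:49155' }],                                  // clicked link
  ['POST', { host: 'localhost:49155', origin: 'https://site.example' }], // cross-site script
  ['POST', { host: 'rebind.example:49155', 'x-local-token': SECRET }],   // rebinding name
  ['POST', { host: '127.0.0.1:49155', 'x-local-token': 'guess' }],       // wrong token
  ['POST', { host: '127.0.0.1:49155', 'x-local-token': SECRET }],        // local client
];
function runSamples() {
  return SAMPLES.map(([m, h]) => checkLocalRequest(m, h, SECRET).reason);
}
console.log(runSamples());
```

Only the last constructed request is dispatched; the token is the decisive check, because a plain navigation carries no `Origin` header for the second rule to catch.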
More? Trend Micro Uses Self-Signed SSL Certificate
Just like Lenovo's Superfish and Dell's eDellRoot, Trend Micro also adds a self-signed security certificate to its users' certificate store, so that its users will not see any HTTPS errors. Ormandy said this thing is ridiculous.
Trend Micro installs a self-signed HTTPS certificate that can intercept encrypted traffic for every website a user visits.
Ormandy reported the issue to Trend Micro's team and helped them create a patch for it, which is now available to address the remote code execution flaw. So, Trend Micro users are advised to update their software as soon as possible.