This Week in Security: DEF CON Nonsense, Vibepwned, and 0-days
DEF CON happened just a few weeks ago, and it’s time to cover some of the interesting talks. This year there were two talks in particular that are notable for being controversial. Coincidentally both of these were from Track 3. The first was the Passkeys Pwned, a talk by SquareX about how the passkey process can be hijacked by malware.
[Dan Goodin] lays out both the details on Passkeys, and why the work from SquareX isn’t the major vulnerability that they claim it is. First, what is a Passkey? Technically it’s a public/private keypair that is stored by the user’s browser. A unique keypair is generated for each new website, and the site stores the public key. To authenticate with the Passkey, the site generates a random string, the browser signs it with the private key, and the site checks it against the public key. I stand by my early opinion, that Passkeys are effectively just passwords, but with all the best-practices mandated.
So what is the claim presented at DEF CON? Malicious code running in the context of the browser tab can hijack the passkey process. In the demonstrated attack flow, a browser extension caused the Passkey login to fail, and prompted the user to generate a new Passkey. This is an interesting observation, and a clever attack against Passkeys, but is not a vulnerability in the Passkey spec. Or more accurately, it’s an accepted limitation of Passkeys, that they cannot guarantee security in the presence of a compromised browser.
That Wasn’t the Sketchiest DEF CON Talk
There was another suspect presentation: A talk on DragonSlayer, a framework to de-obfuscate virtualized malware. This topic is super interesting, diving into the world of highly obfuscated malware. Imagine a binary that internally implements an interpreter runs the actual program code from a bytecode format. As a researcher, this sort of obfuscation is very time consuming to wade through.
The approach from DragonSlayer is to observe the malware, look for known patterns, and feed the observations into a machine learning tool.
If that sounds a bit like a meme, with the steps going: 1) AI, 2) ???, 3) Profit. And this is where we get to the reaction from at least part of the security community. The term “AI slop” is thrown around. The repository doesn’t compile, portions of the code are no-ops with comments about what the real code would look like, and some recent commits look like attempts to remove the tell-tale sings of AI authorship.
Ransomware in the cloud
There’s a new trend in ransomware attacks, to move away from on-premise and encryption, and to instead attack cloud data. This is based on a report from Microsoft, detailing the activities of Storm-0501. That threat actor has begun chaining on-premises attacks into Azure takeover.
Azure has plenty of bandwidth, and an attacker isn’t on the hook to pay for it, so the approach here is to firehose all of that data off-site, and then delete every scrap possible. In cases where the permissions don’t allow deletion, new keys are created, proving that the encryption approach isn’t dead yet.
AI Malware
Let’s talk AI Malware. Up first is PromptLock, a find by ESET. Rather than being found in an active exploit, ESET researchers found this as an upload to VirusTotal, and suspect that it’s a proof of concept.
That concept is to skip shellcode, and instead just include malicious prompts in the malware. Upon execution, the malware sends the embedded prompts off to an Ollama API, and asks for malicious Lua code back.
PromptLock seemed like a proof of concept, but there was a different, live malware campaign this week, that made use of a compromised nx library delivered via npm. This one creates a repository named s1ngularity-repository if it’s running in a GitHub context. It also looks for Claude or Gemini on the system, and if found, runs a malicious prompt instructing the agentic LLM to look for local secrets.
0-days
Pssst, hey kid, I hear you like 0-days. We’ve got 0-days this week. First up, FreePBX. The administrative control panel has a flaw that allows an attacker to run any command as the underlying Asterisk user. The earliest that this attack has been seen in logs was August 21, and any FreePBX system with the admin panel exposed to the Internet could be compromised.
Researchers at at watchTowr caught wind of a vulnerability in CrushFTP that allowed attackers admin access to the server over HTTPS. This one was being exploited in the wild even before the patch was released. Rather than do their normal patch reverse engineering, the watchTowr team put their Attacker Eye honeypot to work. They added a CrushFTP module to the mix, and sat back to wait for the incoming attack. The Internet didn’t disappoint, and it turns out this is a very odd race condition between login attempts.
The Passwordstate credentials manager also has a pair of vulnerabilities fixed in a recent update, though it doesn’t appear that they are actually 0-days, nor yet exploited in the wild. This one seems to allow unauthorized access to the administrative interface via the Emergency Access page.
Bits and Bytes
Trail of Bits performed a security assessment of the WhatsApp apps and backend infrastructure. They found about 28 separate issues, with the most serious getting fixed. Kudos to Meta and Trail of Bits for publishing the whole report.
And finally, there’s a clever technique showing up on Linux malware. Encoding a malicious command as part of the filename. The attack starts with a .rar. It drops a file with the malicious name, with the hope that it will be processed by a backup or similar script. The end-game is a rootkit with remote access. Be careful what you download!
