#uTorrent bug allows #websites to spy on PC and steal downloaded files

Google researcher uncovered another uTorrent bug allowing hackers to spread malware
Google Project Zero researcher Tavis Ormandy discovered a severe remote code execution bug in uTorrent Web that could let attackers deliver malware to users through malicious websites. The attack works by stealing uTorrent's authentication token, which gives an attacker complete control over the service.
The problem was first reported in December,[3] when it affected BitTorrent and uTorrent Classic. At the time, Ormandy warned users that the vulnerability could let attackers compromise the websites from which torrents are downloaded and thereby see what software you tend to download. He pointed out that:
"Once you have the secret, you can just change the directory torrents are saved to, and then download any file anywhere."
The authentication token can be stolen by a torrent website loaded in the user's web browser; with it, an attacker gains full control over the uTorrent service.
By default, uTorrent creates an HTTP RPC server on port 10000 (uTorrent Classic) or 19575 (uTorrent Web). Researchers found multiple flaws in this RPC server that allow an attacker's web page to reach it with XMLHttpRequest(). In other words, visiting practically any website can end in software corruption and malware injection.
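The core mitigation for a local RPC listener like the one described above is to refuse requests that a browser sends on behalf of some other site, and to keep the secret out of URL parameters. The following is an added example, not uTorrent's code: it shows the weak "token in the URL" gate beside a hardened gate that checks the Host and Origin headers and a bearer token. The port number reuses the uTorrent Web port cited in the article; the function and header names are assumptions for this example.

```python
"""Added example: a minimal localhost HTTP RPC listener hardened against
cross-site browser requests. Illustrative code, not uTorrent's implementation;
RPC_PORT reuses the uTorrent Web port named in the article."""
import json
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

RPC_PORT = 19575                       # port cited in the article for uTorrent Web
API_TOKEN = secrets.token_urlsafe(32)  # fresh random secret per process, never put in a URL


def weak_check(query_token, token):
    """Vulnerable pattern (constructed for contrast): the only gate is a token
    carried as a URL parameter. Any page that learns the token gains full
    control, and the listener never asks which site the request came from."""
    return query_token == token


def check_request(headers, token, port=RPC_PORT):
    """Hardened gate. `headers` is a dict with lower-cased keys.
    Returns (allowed, reason)."""
    local_hosts = {f"127.0.0.1:{port}", f"localhost:{port}"}
    # 1. The Host header must name our own listener; anything else means the
    #    browser did not address us as the local service.
    if headers.get("host", "") not in local_hosts:
        return False, "host header does not match the local listener"
    # 2. Browsers attach Origin to cross-site XMLHttpRequest/fetch calls;
    #    an Origin from any other site is refused outright.
    origin = headers.get("origin")
    if origin is not None and origin not in {f"http://{h}" for h in local_hosts}:
        return False, "cross-site origin"
    # 3. The secret travels in a header, not a URL parameter, and is
    #    compared in constant time.
    if not secrets.compare_digest(headers.get("authorization", ""), f"Bearer {token}"):
        return False, "missing or invalid token"
    return True, "ok"


class RpcHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        headers = {k.lower(): v for k, v in self.headers.items()}
        allowed, reason = check_request(headers, API_TOKEN, self.server.server_port)
        if not allowed:
            self.send_error(403, reason)
            return
        body = json.dumps({"result": "ok", "path": self.path}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(port=RPC_PORT):
    """Bind to loopback only and serve until interrupted."""
    HTTPServer(("127.0.0.1", port), RpcHandler).serve_forever()


if __name__ == "__main__":
    print(f"token for this session: {API_TOKEN}")
    serve()
```

Run the script and the listener answers only requests whose Host is the loopback listener, whose Origin (if any) is that same listener, and which carry the session token in an Authorization header; a cross-site page's XMLHttpRequest fails the Origin check before the token is even examined.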
The flaw allows hackers to inject malware into the Windows startup folder
uTorrent Web uses a web interface,[4] so unlike a desktop app it is controlled from a browser. uTorrent Web is also configured to start together with Windows, which keeps the service running and reachable at all times.
Once the authentication token is stolen, the attacker generates a random one and injects it into a configuration file, which must satisfy all URL parameter requirements. After the hijack, the uTorrent Web server's icon will open a browser window showing the attacker-controlled client. The website's owner or operator can then command the software to download malware, which is installed straight into the Windows startup folder.
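Because the article names the Windows Startup folder as where the downloaded malware lands, a practical check is to watch that folder for runnable files that appeared recently. The script below is an added example, not part of the article or of uTorrent: it lists the standard per-user and all-users Startup folders and reports runnable entries modified within a chosen window. The extension list and the 24-hour window are assumptions chosen for the example.

```python
"""Added example (not from the article or uTorrent): flag recently added
runnable entries in a Windows Startup folder, the persistence location the
article says the injected malware targets. The folder paths are the standard
Windows locations; the scan itself works on any directory."""
import os
import time
from pathlib import Path

# File types Windows will run (or follow, for .lnk) from the Startup folder.
RUNNABLE_SUFFIXES = {".exe", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".lnk", ".scr", ".hta"}


def default_startup_dirs():
    """Per-user and all-users Startup folders (standard Windows locations)."""
    dirs = []
    appdata = os.environ.get("APPDATA")
    programdata = os.environ.get("PROGRAMDATA")
    if appdata:
        dirs.append(Path(appdata) / "Microsoft/Windows/Start Menu/Programs/Startup")
    if programdata:
        dirs.append(Path(programdata) / "Microsoft/Windows/Start Menu/Programs/StartUp")
    return dirs


def recent_startup_entries(folder, max_age_seconds, now=None):
    """Return the names of runnable files in `folder` whose modification time is
    within `max_age_seconds` of `now`, sorted by name. `now` can be pinned for
    reproducible checks; it defaults to the current time."""
    now = time.time() if now is None else now
    hits = []
    for entry in Path(folder).iterdir():
        if not entry.is_file():
            continue
        if entry.suffix.lower() not in RUNNABLE_SUFFIXES:
            continue
        if now - entry.stat().st_mtime <= max_age_seconds:
            hits.append(entry.name)
    return sorted(hits)


if __name__ == "__main__":
    # Report anything runnable that showed up in the last 24 hours (assumed window).
    for startup_dir in default_startup_dirs():
        if startup_dir.is_dir():
            print(startup_dir, recent_startup_entries(startup_dir, 24 * 3600) or "nothing new")
```

A legitimate installer can of course add a Startup entry too, so the output is a review list rather than a verdict; what matters is that a new runnable file appearing there right after a torrent session is exactly the outcome the article describes.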
