BEEMKA: Basic Electron Framework Exploitation Tool (Red Team Persistence / Data Egress)

In a nutshell, it is just far easier to do this to an Electron application than to any other native one.

A few points:

  • Signature remains intact (as mentioned previously).

  • You only need JavaScript: no memory injection and no patching of binary files.

  • You can interact with the application itself, as in the Bitwarden video, where all stored passwords can be egressed once the vault has been unlocked. In the same way, source code can be egressed from VS Code and Atom.

  • At the moment only 4 anti-virus engines scan .asar files, so an injected payload will not be picked up.

You are also able to modify the source code of the application without being detected; when did this become the norm for desktop apps? A simple integrity check on electron.asar at startup (or signing the file) would fix this issue. The check has to live somewhere the attacker cannot edit, such as the signed executable, because a check that sits inside the archive itself is just one more file to patch.
