• BearOfaTime@lemm.ee
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    3
    ·
    2 months ago

    Wouldn’t it require elevation?

    Yet another example of why running as root/admin is a Bad Idea©

    • groet@feddit.org
      link
      fedilink
      English
      arrow-up
      72
      ·
      2 months ago

      No, why would it? It will run code in the context of the current user which is absolutely enough to start a new process that will run in the background, download more code from a attacker server and allow remote access. The attacker will only have as much permissions as the user executing the code but that is enough to steal their files, run a keyloggers, steal their sessions for other websites etc.

      They can try to escalate to the admin user, but when targeting private victims, all the data that is worth stealing is available to the user and does not require admin privs.

        • schizo@forum.uncomfortable.business
          link
          fedilink
          English
          arrow-up
          17
          ·
          2 months ago

          This here. The most important thing on your computer are all your session cookies, which are, well, accessible with permissions your user account already has.

          Dudes don’t care about making your shit into a botnet, or putting a rootkit in your firmware, or whatever other technically complex thing you care to think about: they’re there to steal your shit, and the most valuable shit you have is sitting there out in the open for the taking for anyone who makes it past a very very low bar of ‘make the user do something stupid’.

      • Avid Amoeba@lemmy.ca
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        2 months ago

        Exactly. The moment you hit Enter, the computer becomes part of a botnet on every login.

    • IsThisAnAI@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      3
      ·
      edit-2
      2 months ago

      Yes. The prompt asking you if you wanted to do it or not would come up next. Unless they figured out some sneaky way to do something to avoid using admin.

      • Avid Amoeba@lemmy.ca
        link
        fedilink
        English
        arrow-up
        20
        ·
        2 months ago

        Deploy a user-level payload that is auto started on login. The computer is now part of the botnet and can already be used for useful ops. Deploy a privilege escalation payload later if needed.

      • Dave.@aussie.zone
        link
        fedilink
        English
        arrow-up
        12
        ·
        edit-2
        2 months ago

        90% of users when they are presented with the UAC popup when they do something:

        “Yes yes whateverrr” <click>

          • T156@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            2 months ago

            It would be trivial to add a “please click ‘yes’ to the UAC prompt to allow verification” screen, so that isn’t really going to stop anyone.

            I’ve seen a bit of office malware in the past that did that, where it had a bunch of images instructing you to enable macros and that.

    • Bezier@suppo.fi
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      That should be easy on windows, but user permissions might also be enough for whatever it does.

    • Treczoks@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      2 months ago

      Once you run something on windows, elevation is just a thing of using the right toolbox.