26 matches found
The long road to your crypto: ClipBanker and its marathon infection chain
At the start of the year, a certain Trojan caught our eye due to its incredibly long infection chain. In most cases, it kicks off with a web search for "Proxifier". Proxifiers are specialized software designed to tunnel traffic for programs that do not natively support proxy servers. They are a...
EUVD-2017-16666
Malware in sbrugna...
EUVD-2017-16648
Malware in sbrugna...
Proxifier for Mac 2.19 - Local Privilege Escalation
With CVE-2017-7643 I disclosed a command injection vulnerability in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...
Proxifier For Mac 2.19 Local Privilege Escalation
With CVE-2017-7643 I disclosed a command injection vulnerability in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...
Proxifier for Mac 2.19 - Local Privilege Escalation
Proxifier for Mac 2.19 - Local Privilege Escalation With CVE-2017-7643 I disclosed a command injection vulnerability in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run...
Proxifier for Mac 2.19 - Local root Privilege Escalation Exploit
Exploit for macOS platform in category local exploits With CVE-2017-7643 I disclosed a command injection vulnerability in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first...
CVE-2017-7690
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program...
CVE-2017-7690
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program...
Code injection
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program...
CVE-2017-7690
CVE-2017-7690 affects Proxifier for Mac prior to 2.19.2. On first run, if the KLoader binary is not suid root, Proxifier.app runs it as root, enabling the KLoader to gain/maintain root privileges once it sets itself to suid. The KLoader directory not being root-owned lets an attacker replace it w...
CVE-2017-7690
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program...
CVE-2017-7643
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program...
Code injection
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program...
CVE-2017-7643
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program...
CVE-2017-7643
CVE-2017-7643 affects Proxifier for Mac (pre-2.19). The vulnerability arises in the KLoader setuid root mechanism: on first run, if KLoader isn’t already root, Proxifier can cause it to run as root and then KLoader elevates to root privileges, enabling local privilege escalation. Exploitation vec...
CVE-2017-7643
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program...
Proxifier for Mac Elevation of Privilege Vulnerability
Proxifier for Mac is a Mac-based SOCKS5 client-side universal proxy software that supports web applications to access the Internet via HTTPS or SOCKS proxy. A security vulnerability exists in Proxifier for Mac versions prior to 2.19. A local attacker can exploit the vulnerability to gain privileg...
Proxifier 2.19 Privilege Escalation / Code Execution
With CVE-2017-7643 I disclosed a command injection vulnerability in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...
Proxifier for Mac 2.17/2.18 - Privesc Escalation
Source: https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html Proxifier 2.18 (also 2.17 and possibly some earlier versions) ships with a KLoader binary which it installs suid root the first time Proxifier is run. This binary serves a single purpose which is to load and...