Thursday, November 7, 2024
HomeAndroidBlueStacks Emulator For Windows Flaw Exposes Millions Of Gamers To Attack

BlueStacks Emulator For Windows Flaw Exposes Millions Of Gamers To Attack

Published on

Malware protection

A significant vulnerability was discovered in BlueStacks, the world’s fastest Android emulator and cloud gaming platform. When used against a victim, this gives attackers complete access to the machine.

The American technology business BlueStacks, also known as BlueStacks by now.gg, Inc., is well-known for developing the BlueStacks App Player and other cloud-based cross-platform applications.

The BlueStacks App Player allows Android applications to run on devices running Microsoft Windows or macOS. 

- Advertisement - SIEM as a Service

BlueStacks exchanges virtual machine configuration files amongst several OS users and keeps them in a world-writable directory, which makes it feasible for an unauthorized user to backdoor an image and obtain privileged user code execution capabilities.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Understanding The Vulnerability

The critical flaw is identified as BlueStacks privilege escalation via virtual machine backdooring tracked as CVE-2024-33352.

An attacker can automatically add executable code to the virtual machine by changing the BlueStacks configuration.

This allows the attacker to create a backdoor that will launch whenever an authorized user launches the emulator. 

Later, the code may be made to escape Virtual Box and enter the host operating system by reconfiguring the shared directory settings to include the entire C drive.

The attacker would edit the file on the C drive and alter it to enable a virtual machine escape, giving them complete access to the Windows filesystem.

Hence, the attacker installs malicious software on the Android virtual machine (VM), which has the ability to deliver a payload into the host system’s startup directory. 

This payload is run with the victim’s privileges when the victim restarts their computer, granting the attacker complete control.

The vulnerability was brought to light by researcher Maciej Miszczyk. BlueStacks for Windows (versions prior to 10.40.1000.502) are affected.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...

Rise Of Ransomware-As-A-Service Leads To Decline Of Custom Tools

Ransomware-as-a-Service (RaaS) platforms have revolutionized the ransomware market.Unlike traditional standalone ransomware sales, RaaS...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...