Web development technologies are multiplying rapidly and, in some cases, they introduce new attack techniques or unexpected advantages for attackers. Let’s see what WebAssembly (WASM) is and what potential benefits it can have for attackers.
This relatively new open standard (announced in 2015 but started to be used in 2017) allows binary code compiled from languages such as C, C++ or Rust to run in modern web browsers, with all the new functionality and performance that this can bring.
New technologies and programming languages offer multiple improvements, but it is only a matter of time before attackers find attack vectors in them and use them to their advantage, and WebAssembly applications are no exception. Let’s see, through the example below, how a simple piece of malicious code could be compiled to simulate a social engineering cyberattack.
This type of simulated attack is known as a “tech support scam,” where a scammer impersonates a technician from a technology company and uses intimidation tactics and social engineering to trick people into paying for unnecessary support services. When the victim calls the tech support number, the scammers ask for money to fix the problem or request access to install malware (a backdoor) on the victim’s device. This Twitter thread by Sergio de los Santos is a good example of the sophistication achieved.
If WebAssembly is being used to support cryptoattacks, attackers may continue to profit on other fronts. Other malicious uses of WASM include the following:
- Redirection to malicious URLs: there are campaigns that infect devices by means of malicious redirects (via WebAssembly code) from compromised sites to the same technical support scams, cryptocurrency mining, etc.
- Keyloggers: recording keystrokes to steal passwords and other confidential information from visitors to compromised websites, taking advantage of the fact that WebAssembly produces code that evades typical detection by external controls or browsers.
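For triage of the uses listed above, it helps that a WebAssembly module cannot call browser APIs on its own: navigation or keyboard handling has to go through functions it imports from the JavaScript host, and the binary's import section lists them. The following is an added example, not code from the original article, that parses that section without running the module; the sample bytes and the import names `env.redirect` and `env.on_key` are constructed for illustration.

```javascript
// Added example: list the import section of a WebAssembly binary without executing it.
// SAMPLE is a constructed module; its import names are invented for illustration.
const SAMPLE = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // "\0asm" magic, version 1
  0x01, 0x04, 0x01, 0x60, 0x00, 0x00,             // type section: one () -> () signature
  0x02, 0x1d, 0x02,                               // import section, 29 bytes, 2 entries
  0x03, 0x65, 0x6e, 0x76, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x00, 0x00, // env.redirect
  0x03, 0x65, 0x6e, 0x76, 0x06, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x00, 0x00,             // env.on_key
]);
const KINDS = ["function", "table", "memory", "global"];

function listImports(bytes) {
  if ([0x00, 0x61, 0x73, 0x6d].some((b, i) => bytes[i] !== b)) throw new Error("not a WebAssembly binary");
  let pos = 8; // skip magic and version
  const u32 = () => { // unsigned LEB128 integer
    let result = 0, shift = 0, b;
    do {
      if (pos >= bytes.length) throw new Error("truncated module");
      b = bytes[pos++];
      result += (b & 0x7f) * 2 ** shift;
      shift += 7;
    } while (b & 0x80);
    return result;
  };
  const name = () => { // length-prefixed UTF-8 string
    const len = u32(); pos += len;
    return new TextDecoder().decode(bytes.subarray(pos - len, pos));
  };
  const limits = () => { const flags = bytes[pos++]; u32(); if (flags & 1) u32(); };
  const imports = [];
  while (pos < bytes.length) {
    const id = bytes[pos++], size = u32(), end = pos + size;
    if (id === 2) { // section id 2 is the import section
      for (let n = u32(); n > 0; n--) {
        const mod = name(), field = name(), kind = bytes[pos++];
        if (kind === 0) u32();                    // function: type index
        else if (kind === 1) { pos++; limits(); } // table: reference type + limits
        else if (kind === 2) limits();            // memory: limits
        else if (kind === 3) pos += 2;            // global: value type + mutability
        else throw new Error("unknown import kind " + kind);
        imports.push({ module: mod, name: field, kind: KINDS[kind] });
      }
    }
    pos = end; // jump to the next section regardless of its type
  }
  return imports;
}
```

Import names are chosen by whoever built the module, so the list shows which JavaScript glue functions to review next rather than proving what the module does.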