Now that you have a shell, you need to establish persistence. How about this time, you use slack.exe without modifying its signature? Or Skype, WhatsApp, or even Visual Studio Code?
An architecture decision makes backdooring legitimate applications easy, and enables attackers to egress data from both within the application (your stored passwords / application session etc) and from the operating system. And as ElectronJS is cross-platform, the sky’s the limit! Batteries included – yes, there’s a tool for that!
Pavel is a security consultant for Context Information Security, based in London. Other than security related interests, hobbies include playing around with raspberry pi’s, making “books to read” lists that will never be read, and starting side-projects that never finish. Also, for 10 years he’s been a PHP developer therefore spends his extra time defending PHP.