The Cat-and-Mouse Game: Your Mouse Can be Used Against You

Yes, you read it right. Your mouse can allow attackers to gain unsurpassed access to compromised systems.

The scoop

Earlier this year, Kensington patched its desktop app, owing to an RCE vulnerability that could have allowed attackers to hijack computers. However, another unpatched RCE has been found recently. These flaws can be easily exploited by cybercriminals by luring a victim to a webpage containing malicious JavaScript code. This script attacks the KensingtonWorks software installed on the victim’s Windows PC or Mac.

Where does the mouse come in here?

  • Kensington sells mice with extra buttons. The software KensingtonWorks helps the users connect these extra buttons to shortcut commands.
  • These mice are presumed to be used by high-value targets, with the vulnerabilities being used in targeted attacks.
  • Moreover, KensingtonWorks is written in Electron, implying that the app may be vulnerable to cross-site scripting attacks.

What does this imply?

KensingtonWorks is a smooth target as it does not allow the sanitization of data collected from external sources. Thus, implying that the hacker can create a website with malicious JavaScript. Subsequently, when the software displays the maliciously named app, it interprets it as a JS code and executes it. Ultimately, the NodeJS function in the payload gives the attacker direct remote access.   

Similar attack

In April, a unique attack vector was discovered that allowed a threat actor to manipulate a PPT file to start downloading malware, just by hovering the cursor over a hypertext link.

The bottom line

It is undeniable that attackers, with every passing day, are coming up with new ingenious ways to hack targets. Users of Kensington mice and KensingtonWorks are suggested to be on the lookout for the patch released to stay safe. Until then, stay safe and follow internet safety protocols.