Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,598
These applications rely on the open source Squirrel project to manage installation and updating routines. They can be used by many applications, and their paths can be different. I tested these executables from the newest Discord and they can download the payload (.nupkg package).Would it be a good Idea to add two new lolbins: update.exe and squirrel.exe ?
Microsoft Teams Can Be Used to Download and Run Malicious Packages
The update mechanism as it is currently implemented in Microsoft Teams desktop app allows downloading and executing arbitrary files on the system.www.bleepingcomputer.com
Edit: My guess is Discordapp.com (desktop version) also use them. Atleast there is an squirrel.exe and update.exe in the folder.
Blocking them will block the application updates, so it has to be an individual decision. The best method would be manually blocking the concrete paths of update.exe and squirrel.exe by Firewall Hardening tool.
It is worth to remember that LOLBins can be dangerous only if something was already exploited. This is hardly possible on the well updated system/software on Windows 10.
Last edited: