EvilGrade is the framework which allows anyone to hijack software updates by injecting custom updates and there by own the target machine completely. It contains set of modules written specifically for each of the Softwares to emulate and hijack its automatic update process.
Using this beautiful framework, any attacker on the network can easily push the malicious software updates to target machine by performing man in the middle attack along with DNS spoofing. Once the malicious update is injected, attacker has full control of target machine and can do anything such as stealing the passwords, bank account or credit card details etc.
Here is the nice demonstration video created by Nishant illustrating this hijacking process.
In this demo video, the false update software connects back to attacker machine, thus giving full access to victim’s system. This might look suspicious as the downloaded software update does not do anything. However the real hacker may pack the real update software with malicious program to keep it transparent.
So next time, when you update your software make sure to check your bank balance…!