Vulnerabilities

Security Flaw in BlueStacks Threatens Millions of Gamers

A serious security flaw in BlueStacks could jeopardize millions of gamers by allowing attackers to gain unauthorized access to their systems.

Marco Rizal
By Marco Rizal - Editor, Journalist 3 Min Read
Security Flaw in BlueStacks Threatens Millions of Gamers

A significant security issue has been discovered in BlueStacks for Windows, impacting versions prior to 10.40.1000.502.

BlueStacks is a widely used Android emulator that enables users to effortlessly run Android apps on their Windows computers.

On the other hand, this latest vulnerability could result in unauthorized individuals gaining control of your computer if you are running an outdated version.

The vulnerability occurs due to BlueStacks saving configuration files in a folder that is accessible and modifiable by any user.

It is possible for someone without the necessary permissions to modify these files and gain unauthorized access to certain parts of the computer.

BlueStacks stores its configuration files in the ProgramData directory, which has specific permissions such as:

  • NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
  • BUILTIN\Administrators:(I)(OI)(CI)(F)
  • CREATOR OWNER:(I)(OI)(CI)(IO)(F)
  • BUILTIN\Users:(I)(OI)(CI)(RX)
  • BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)

One important thing to note is that the (F) permission grants unrestricted access and modification rights to all users for these files.

It's possible for anyone without specific permissions to make changes to the files utilized by BlueStacks.

This allows them to insert malicious code that will run whenever BlueStacks is launched by a legitimate user.

This code has the potential to break free from the virtual environment and cause damage to the main operating system.

Here's how an attacker could exploit this vulnerability:

Initially, the attacker would establish a regular user account for themselves and select an administrator account as their objective.

Which then, the attacker would require the target to install a version of BlueStacks that has vulnerabilities.

After installing BlueStacks, the attacker can make changes to a BlueStacks configuration file, like Nougat32.bstk, to enable Android to access the C drive of the Windows system.

Once the configuration has been adjusted, the attacker can effortlessly install a malicious app onto the Android system, which will then initiate automatically.

When the target runs BlueStacks, a malicious app will place a harmful code into the target's startup directory

After the target reboots their computer, the harmful code will execute, granting the attacker control over the system with the target's high-level privileges.

If exploited, this vulnerability could potentially enable an attacker to install malicious software, steal personal information, and gain control of the victim's computer.

Updating BlueStacks to the latest version is highly recommended for protection against this vulnerability. Make sure to download and install the new version released by the developers to fix this problem promptly.

More Stories

Critical Docker Vulnerability Could Grant Hackers Full Access

Deleted Diddy Tweets Are Being Used as Bait to Spread Malware

New Mirai Botnet Flaw That Could Cripple Cyber Attacks

Blur Your Home on Google Maps to Avoid This Scary New Sextortion Scam

Leave a comment

Latest stories