Comment by 0x000xca0xfe
2 months ago
It's trivial to run an exploit shell from almost any language when you have non-sandboxed code running on the target machine.
2 months ago
It's trivial to run an exploit shell from almost any language when you have non-sandboxed code running on the target machine.
Yes but outside of dumping user data, there's not much else you can do. Crypto mining will get caught rather quickly (most big clouds ban mining). User data is useful for the type of attacker that's willing to go through the whole blackmarketing selling process. For script kiddies, if you think about it, the easiest pay-off for a social engineering/phishing is a frontend wallet crypto theft.
This has still nothing to do with the language or kernel exploits. Only code execution on a valuable host matters.
You could make a malicious Rust crate that on installation runs a Python shell and injects JavaScript into your browser to extract crypto wallets. There even seems to be a significant overlap of Rust devs/crypto fans.
Also script kiddies don't do social engineering and blackmarket crypto selling, that's 100% professional crime territory. Real-life script kiddie attacks I've seen were more like hacking an ecommerce site and adding bananas as currency.