AntiPwny shows FF process as infected by meterpreter.

  • 5 replies
  • 1 has this problem
  • 5 views
  • Last reply by xxxxx111111

By running an AntiPwny scan, the only process in the system that shows suspicious activity is FF. So I reinstalled FF with all addons disabled; the only addon I installed on top is LastPass. Ran the scan again, and the same thing happens.

All Replies (5)

(2/19/2021 6:30 AM) firefox memory contains meterpreter signature. [Meterpreter Found],
(2/19/2021 6:37 AM) firefox memory contains meterpreter signature. [Meterpreter Found],
(2/19/2021 6:40 AM) firefox memory contains meterpreter signature. [Meterpreter Found],
(2/19/2021 6:55 AM) firefox Killed [Meterpreter],
(2/19/2021 6:55 AM) firefox Killed [Meterpreter],
(2/19/2021 6:55 AM) firefox Killed [Meterpreter],
(2/19/2021 6:55 AM) firefox Killed [Meterpreter],
(2/19/2021 6:55 AM) firefox Killed [Meterpreter],
(2/19/2021 6:55 AM) firefox Killed [Meterpreter],

Can you ask the author of the tool whether they can replicate your results on their own install or provide tips on what to look for?

I'm afraid this is one of the only 2 tools (at least simple to use) that are available, and they both have not been updated for years and the author does not respond to GitHub issues.

Is there any reason to believe Firefox is involved in any mischief based on its behavior or resource consumption? I don't know how to gain any insight on the detection; it just doesn't sound familiar.

It is possible that some addon can hide an obfuscated payload of Metasploit, wrapping Meterpreter. It is also possible that the tool is misbehaving. So, not being a savvy user, I'm asking someone with experience to take a look at this, basically.