Hackers Replace Windows Narrator to Get SYSTEM Level Access

[silversurfer]

Chinese hackers are replacing the legitimate Narrator app on targeted Windows systems with a trojanized version that gives them remote access with privileges of the most powerful account on the operating system.
The Narrator app is part of the 'Ease of Access' set of programs in Windows, which users can launch from the logon screen before authenticating. Other accessibility programs include the On-Screen Keyboard, Magnifier, Display Switcher, and App Switcher.
These programs inherit the permissions from the executable that launches them, 'winlogon.exe' - the logon process that comes with SYSTEM permissions.
Adversaries already on the system can modify them to spawn a Command Prompt (cmd.exe) window with elevated permissions on the remote desktop login screen.

Read more here: https://www.bleepingcomputer.com/news/se...el-access/