Loki is a stage-1 command and control (C2) framework written in Node.js, built to script-jack vulnerable Electron apps MITRE ATT&CK T1218.015. Developed for red team operations, Loki enables evasion of security software and bypasses application controls by exploiting trusted, signed Electron apps.
Script-jacking hijacks the execution flow of an Electron app by modifying JavaScript files loaded in at runtime with arbitrary Node.js code. This technique can be leveraged to:
- Backdoor the Electron app
- Hollow out the Electron app
- Chain execution to another process
While several tools already address leveraging script-jacking to chain execution to another process, Loki is the first to enable backdooring and hollowing of signed Electron apps without invalidating their code signing signature.
For more details on how Loki works, checkout this blog post:
| Name | Contributions |
|---|---|
| Bobby Cooke | Creator & Maintainer |
| Dylan Tran | Creator |
| Ellis Springe | Alpha Tester |
| Shawn Jones | Assembly Execution Code |
| Simon Exley | Video Creator |
| Clinton Elves | Video Creator |
| John Hammond | Video Creator |
Check out this video by John Hammond on backdooring Cursor AI with Loki C2! π©
- In the video he walks through discovering a new vulnerable Electron application, backdooring it with Loki C2, getting setup with the client GUI, and we even came up with two ways to keep the app running persistently in the background πͺ -- Cursor runs normally from the end users perspective! π₯·
Check out this video by Simon Exley & Clinton Elves on getting up and running with Loki C2! π§ββοΈ
- Azure Storage Blob C2 channel
- SAS Token to protect C2 storage account
- AES encrypted C2 messages
- Proxy-aware agent
- Uses Chromium renderer child processes for agent, shellcode execution, and assembly fork-n-run style execution -- inherits proxy-aware capabilities of Chromium.
- Teamserver-less
- Unlike traditional C2's where agents send messages to a Teamserver, there is no Teamserver
- The GUI client & agents both checkin to the same data-store
- Hidden exection -- runs in the background
All agent commands are written in native Node.JS and do not require additional dependencies or library load events. With the exception of the scexec and assembly commands which do a library load on keytar.node and assembly.node
- All commands accept paths using
/,\in paths will not work.
| Command | Description |
|---|---|
help |
Display help. Usage: help or help scan |
pwd |
Print working directory |
ls |
File and directory listing |
cat |
Display contents of a file |
env |
Display process environment variables |
spawn |
Spawn a child process |
drives |
List drives |
mv |
Move a file to a new destination |
sleep |
Sleep for seconds with jitter |
cp |
Copy a source file to a destination |
exit-all |
Exits the agent, agent won't callback anymore |
load |
Load a node PE file from disk into the process |
scexec |
Execute shellcode |
assembly |
Execute a .NET assembly and get command output |
upload |
Upload a file from your local operator box to the remote agent box |
download |
Download a file from remote agent box to local operator box |
scan |
Perform TCP network scan across CIDR range with selected ports |
dns |
DNS lookup. Leverages systems DNS configuration |
set |
Set the Node load paths for assembly node and scexec nodes |
- If there are application control rules preventing library loads for the node files you can use the
setcommand to change the load paths forassembly.nodeandscexec.node. - By using
ls,cat,cpandmvyou may be able to enumerate the application control rules to discover a writable directory that is an exclusion. - With this you can put the node files in the exclusion directory and use the
setcommand to change their load path to the exclusion directory to bypass the application control. - For more details on this attack vector see the CRTO2 course by Daniel Duggan (@_RastaMouse)
[04-04-2025 8:50AM MST] advsim$ help set
Set the Node load paths for assembly node and scexec nodes
set scexec_path C:/Users/user/AppData/ExcludedApp/scexec.node
set assembly_path C:/Users/user/AppData/ExcludedApp/assembly.node
[04-04-2025 8:51AM MST] advsim$ set scexec_path C:/Users/user/AppData/ExcludedApp/scexec.node
SCEXEC Node Load Path Set to : C:/Users/user/AppData/ExcludedApp/scexec.node
For more information on Agent features click here
For more information on Client features click here
First you need to identify a vulnerable Electron application which does not do ASAR security integrity checks such as Microsoft Teams. Newer applications may have integrity checks preventing backdooring. Older versions of the target app are more likely to be vulnerable.
| Vulnerable | App Name | EXE Name | Version | Discovery Credit |
|---|---|---|---|---|
| β | Microsoft Teams | Teams.exe |
1.7.00.13456 |
Andrew Kisliakov & mr.d0x |
| β | Cursor | cursor.exe |
0.48.7.0 |
John Hammond |
| β | VS Code | code.exe |
chompie1337 & knavesec | |
| β | Github Desktop | GithubDesktop.exe |
3.4.6.0 |
d_tranman & 0xBoku |
| β | Postman | Postman.exe |
clod81 | |
| β | Obsidian | Obsidian.exe |
clod81 | |
| β | Joplin | Joplin.exe |
0xAnom4ly | |
| β | Discord | Discord.exe |
clod81 | |
| β | Windsurf | Windsurf.exe |
nero22k | |
| β | Figma | Figma.exe |
WaterBucket | |
| β | RingCentral | RingCentral.exe |
4y45u45c4 | |
| β | ιΏιδΊη | aDrive |
6.8.6 |
Adnnlnistrator |
| β | azuredatastudio | azuredatastudio.exe |
1.51.1 |
Adnnlnistrator |
| β | atom | atom.exe |
1.60.0 |
Adnnlnistrator |
| β | Bruno | Bruno.exe |
2.1.0 |
Tyler Schultz |
| β | KeeWeb | KeeWeb.exe |
j0hnZ3RA | |
| β | Wordpress | Wordpress.com.exe |
j0hnZ3RA | |
| β | Arduino IDE | Arduino IDE.exe |
j0hnZ3RA | |
| β | QRLWallet | QRLWallet.exe |
1.8.1 |
OnlySmrtSumX & tideboss |
| β | DevHub | DevHub.exe |
0.102.0 |
ab4y98 |
| β | Asana | Asana.exe |
2.3.0 |
syro |
| β | Insomnia | insomnia-11.0.2.exe |
11.0.2 |
syro |
| β | 1Password | 1Password.exe |
||
| β | Signal | Signal.exe |
||
| β | Slack | slack.exe |
You don't need to compile the agent when backdooring Electron apps. Just replace the contents of {ELECTRONAPP}/resources/app/ with the Loki agent files.
- Clone this repo and
cdinto it - Install Node.JS
- Install
javascript-obfuscatormodule
npm install --save-dev javascript-obfuscator
- Run
obfuscateAgent.jsscript to create a Loki payload with your Storage Account info
bobby$ node obfuscateAgent.js
[+] Provide Azure storage account information:
- Enter Storage Account : 7f7584ty218ba5dba778.blob.core.windows.net
- Enter SAS Token : se=2025-05-28T23%3A14%3A48Z&sp=rwdlac&spr=https&sv=2022-11-02&ss=b&srt=sco&sig=5MXQzJ6FDZK8yYiBSgJ6FDZKgQzJMXBSgg6qE4ydrJ6FDZKSgg%3D
[+] Configuration:
- Storage Account : 7f7584ty218ba5dba778.blob.core.windows.net
- SAS Token : se=2025-05-28T23%3A14%3A48Z&sp=rwdlac&spr=https&sv=2022-11-02&ss=b&srt=sco&sig=5MXQzJ6FDZK8yYiBSgJ6FDZKgQzJMXBSgg6qE4ydrJ6FDZKSgg%3D
- Meta Container : mllyi2zjmafjm
[+] Updated /Users/bobby/apr2/LokiC2/config.js with storage configuration.
- Enter into the Loki Client UI
Loki Client > Configuration
[+] Modifying PE binaries to have new hashes...
- Payload assembly.node hash : e9d126407264821d3c2d324da0e2d1bc13cbc53e7c56340fe12b07f69b707f02
- Payload keytar.node hash : 292c14ffebd6cae3df99d9fbee525e29a5a704f076b82207eb3e650de45b075d
[+] Payload ready!
- Obfuscated payload in the ./app directory
- Your obfuscated Loki payload is output to
./app/ - Change directory to the
{ELECTRONAPP}/resources/ - Delete everything
- Copy the Loki
./app/folder to{ELECTRONAPP}/resources/app/ - Click the Electron PE file and make sure Loki works
-
Launch the Loki GUI client
-
From the menubar click
Loki Client > Configurationto open the Settings window -
Enter in your Storage Account details and click
Save
-
The agent should now render in the dashboard
-
Click the agent from the dashboard table to open the agent window
-
Test to ensure Loki works properly
The most straightforward way to use Loki is to replace the files in {ELECTRONAPP}/resources/app/ with the Loki files. This hollows out the app, meaning the app won't function normally -- Loki replaced its functionality.
If you really want to keep the Electron application running and have it also deploy Loki in the background all hope is not lost! John Hammond and I figured out a way to keep the real Electron application running. We've added the file you will need to /loki/proxyapp/init.js in this repo.
It is currently setup to work for Cursor, discovered to be vulnerable by John Hammond.
For doing this you will need to:
- Download the Cursor app
- Paste all Loki files except
package.jsontocursor/resources/app/- Don't replace the real
package.json
- Don't replace the real
- Copy
/loki/proxyapp/init.jstocursor/resources/app/ - Modify contents of
cursor/resources/app/package.jsonto:- set
"main":"init.js", - delete
"type":"module", - delete
"private":true,
- set
- With these changes
Cursor.exewill load ininit.json click / execution init.jsreads inpackage.jsoninit.jschanges"main":"init.js",->"main":"main.js",main.jsis Loki
init.jsspawns and disowns a newCursor.exewhich points to Loki- Loki is spawned in the background
init.jsreads inpackage.jsonagaininit.jschanges"main":"main.js",->"main":"./out/main.js",./out/main.js"is the real Cursor application
init.jsspawns and disowns a newCursor.exewhich points to the real Cursor- Real Cursor app is spawned, visible and operates as normal
- When Cursor is exited by the user:
init.jscatches the exitinit.jsreads inpackage.jsonfor a third timeinit.jschanges"main":"./out/main.js",->"main":"init.js",
This way the app is persistently backdoored and operates as normal. If the cursor app is exited loki will continue to run in the background.
I'll make a script to automate this in the future.
These are the compile instructions for building the agents & clients. The instructions cover multiple platforms, including Windows, Linux, and macOS. It is recommended to compile the client on the target platform and architecture.
If you are backdooring an Electron application then you don't need to compile agents.
I do not recommend compiling the agent and using it for operations. Agent compile instructions are for development.
- Review the information provided by MITRE for more details, examples, and information about this TTP :
- Execution of an electron app from a abnormal directory such as
~/Downloads/Teams/Teams.exe - Electron apps beaconing to an Azure Storage Blob
*.blob.core.windows.net - SAS token usage in network traffic
- Electron apps spawning child processes such as
netstat.exeorwhoami.exe - A directory with the name in the Loki
package.jsonwill be created in~/AppData/Roaming/{NAME}when the Loki JavaScript executes in the Electron process. - This LOLBAS Teams entry covers detections for Electron application backdooring. The detection information has been copied below.
- IOC:
%LOCALAPPDATA%\Microsoft\Teams\current\appdirectory created - IOC:
%LOCALAPPDATA%\Microsoft\Teams\current\app.asarfile created/modified by non-Teams installer/updater - SIGMA rule to detect established Loki C2 from electron app
- SIGMA rule to detect hijacking of Electron's app folder (Teams, VS Code, RingCentral, Postman) to load C2 framework
- Dylan Tran (@d_tranman)
- Cocreator of the Loki agent. Created node modules for shellcode and assembly execution.
- Valentina Palmiotti (@chompie1337), Ellis Springe (@knavesec), and Ruben Boonen for their previous internal work on backdooring Electron applications for persistence
- Ruben Boonen
- Andrew Kisliakov
- Shawn Jones
- For Loki assembly execution Dylan ported Shawnβs public InlineExecute-Assembly code
- mr.d0x (@mrd0x) for their prior work about leveraging the Teams Electron application to execute arbitrary Node.JS code and publishing their findings to the LOLBAS project.
- Michael Taggart
- Raphael Mudge for inspiring me to dive deep into red teaming and supporting the release of this tool
- Fletcher Davis
- Pavel Tsakalidis
This project is licensed under the Business Source License 1.1. Non-commercial use is permitted under the terms of the license. Commercial use requires the author's explicit permission. On April 3, 2030, this license will convert to Apache 2.0. See LICENSE for full details.
