Embedding malicious code in text-based containers, such as XML files, is not difficult. To analyze this possibility I tried this morning to embed a threat into the Invoke Code Activity. However, I would still like to explicitly point out that this is possible with all RPA platforms that store their workflow data in this way. This is not a problem with UiPath and it is not a security risk with the products of UiPath. I would only like to clarify the CISA Insight with a possible approach.
For my experiment I used the EICAR test string. This is completely harmless and should prompt any virus scanner to report it immediately. The European Institute for Computer Antivirus Research (EICAR) developed it for this purpose.
My code contains only two lines. The first line is the EICAR test string as an array of bytes, to exclude textual detection of the malicious code in advance. With the second line the code is written to a file; here the virus scanner becomes active when I run the automation workflow.
```csharp
// EICAR test string stored as raw bytes, so it does not appear as text in the XAML.
byte[] EICARTestString = new byte[] { 0x58, 0x35, 0x4F, 0x21, 0x50,
0x25, 0x40, 0x41, 0x50, 0x5B, 0x34, 0x5C, 0x50, 0x5A, 0x58, 0x35,
0x34, 0x28, 0x50, 0x5E, 0x29, 0x37, 0x43, 0x43, 0x29, 0x37, 0x7D,
0x24, 0x45, 0x49, 0x43, 0x41, 0x52, 0x2D, 0x53, 0x54, 0x41, 0x4E,
0x44, 0x41, 0x52, 0x44, 0x2D, 0x41, 0x4E, 0x54, 0x49, 0x56, 0x49,
0x52, 0x55, 0x53, 0x2D, 0x54, 0x45, 0x53, 0x54, 0x2D, 0x46, 0x49,
0x4C, 0x45, 0x21, 0x24, 0x48, 0x2B, 0x48, 0x2A };
// Write the bytes to disk (File and Directory are in System.IO); the scanner reacts here.
File.WriteAllBytes(Directory.GetCurrentDirectory() +
@"\Test.txt", EICARTestString);
```
Windows Security has found a threat.
Serious threat EICAR found.
The following points can help mitigate this risk:
- Prohibition of the use of obfuscation techniques in the code.
- Use of the four-eyes principle in the development of the automation workflow.
Do you know any more points?
This also results in interesting combinations with the integration scenarios.
Let us talk and look at this perspective more intensively.
GenerateEICARTestFile.xaml (4.7 KB)
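
One way to support the first mitigation point during review, as an added example that is not part of the original post or of UiPath's tooling: a Python check that parses a workflow XAML file, decodes hex byte-array literals inside Invoke Code activities and reports those that are mostly printable text. The sample workflow is constructed, and the `InvokeCode` element name and `Code` attribute are assumptions about how the activity is serialized.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted files prefer defusedxml

# Constructed sample workflow (not the attachment from the post). Assumption:
# the activity is an element named InvokeCode with its source in a Code attribute.
SAMPLE_XAML = """<Activity xmlns="http://schemas.microsoft.com/netfx/2009/xaml/activities"
          xmlns:ui="http://schemas.uipath.com/workflow/activities">
  <Sequence DisplayName="Main">
    <ui:InvokeCode DisplayName="Write file" Language="CSharp"
        Code="byte[] b = new byte[] { 0x52, 0x45, 0x56, 0x49, 0x45,&#xA;0x57, 0x2D, 0x4D, 0x45 };&#xA;File.WriteAllBytes(@&quot;C:\\Temp\\out.txt&quot;, b);" />
    <ui:InvokeCode DisplayName="Add" Language="CSharp" Code="int x = 1 + 2;" />
  </Sequence>
</Activity>"""

BYTE_ARRAY = re.compile(r"new\s+byte\s*\[\s*\]\s*\{([^}]*)\}")
HEX_BYTE = re.compile(r"0x([0-9a-fA-F]{1,2})\b")
MIN_LEN = 8  # ignore short literals such as magic numbers

def decode_byte_arrays(code):
    """Return the bytes of every hex byte-array literal of MIN_LEN or more."""
    out = []
    for m in BYTE_ARRAY.finditer(code):
        data = bytes(int(h, 16) for h in HEX_BYTE.findall(m.group(1)))
        if len(data) >= MIN_LEN:
            out.append(data)
    return out

def review_workflow(xaml_text):
    """List InvokeCode activities whose code hides printable text in byte arrays."""
    findings = []
    for el in ET.fromstring(xaml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "InvokeCode":
            continue
        code = el.get("Code", "")
        for data in decode_byte_arrays(code):
            printable = sum(32 <= b < 127 for b in data) / len(data)
            if printable >= 0.9:  # mostly ASCII: text encoded to dodge string matching
                findings.append({
                    "activity": el.get("DisplayName", "?"),
                    "decoded": data.decode("ascii", "replace"),
                    "writes_file": "File.Write" in code,
                })
    return findings

if __name__ == "__main__":
    for finding in review_workflow(SAMPLE_XAML):
        print(finding)
```

The decoded text gives the second reviewer in a four-eyes process something readable to judge, instead of a wall of hex values.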