Skip to main content

One post tagged with "launch-order"

View All Tags
PartialRemote access

XPoint / bet365 MI: RustDesk evades detection when launched after the geolocation client (launch-order flaw)

Xpointbet365
xpointbet365-mirdprustdesklaunch-order

Source. June 2, 2026 weekly sync.
Ticket. CIV-64: MI advanced spoofing retest.

What we tested

RustDesk remote access against bet365 MI (XPoint) on both Windows and macOS, varying the launch order of RustDesk relative to the XPoint geolocation client.

What happened

  • RustDesk launched before XPoint → flagged immediately.
  • RustDesk opened after XPoint was already active → undetected on both Windows and macOS. Over 50 consecutive location checks passed with the remote tool running.
  • Detection only resumed once the XPoint client was manually rebooted.

Why it matters

The behaviour points to a one-time startup scan for prohibited software rather than real-time monitoring. The vulnerability stems from a predictable initialization sequence: an adversary who recognises the pattern can bypass desktop geolocation on bet365 MI simply by activating remote access after launch — a repeatable, low-effort gap that leaves a notable regulatory exposure open for the duration of a session.

Cross-reference

Xpoint profile → · June 2 weekly sync →