Security News > 2021 > July > Microsoft: Israeli firm used Windows zero-days to deploy spyware
Microsoft and Citizen Lab have linked Israeli spyware company Candiru to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities.
The investigation into Candiru's attacks started after Citizen Labs shared malware samples found on a victim's systems and led to the discovery of CVE-2021-31979 and CVE-2021-33771, two zero-day vulnerabilities fixed by Microsoft during this month's Patch Tuesday.
The attackers delivered the DevilsTongue malware to victims' computers using an exploit chain that abused vulnerabilities in several popular browsers and the Windows operating system.
DevilsTongue allows its operators to collect and steal victims' files, decrypt and steal Signal messages on Windows devices, and steal cookies and saved passwords from LSASS and Chrome, Internet Explorer, Firefox, Safari, and Opera web browsers.
"DevilsTongue can also send messages as the victim on some of these websites, appearing to any recipient that the victim had sent these messages," as Microsoft researchers further found out.
"The protections we issued this week will prevent Sourgum's tools from working on computers that are already infected and prevent new infections on updated computers and those running Microsoft Defender Antivirus as well as those using Microsoft Defender for Endpoint."
News URL
Related news
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-14 | CVE-2021-33771 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 0.0 |
| 2021-07-14 | CVE-2021-31979 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 0.0 |