Security News > 2021 > July > Microsoft: Israeli firm used Windows zero-days to deploy spyware
Microsoft and Citizen Lab have linked Israeli spyware company Candiru to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities.
The investigation into Candiru's attacks started after Citizen Labs shared malware samples found on a victim's systems and led to the discovery of CVE-2021-31979 and CVE-2021-33771, two zero-day vulnerabilities fixed by Microsoft during this month's Patch Tuesday.
The attackers delivered the DevilsTongue malware to victims' computers using an exploit chain that abused vulnerabilities in several popular browsers and the Windows operating system.
DevilsTongue allows its operators to collect and steal victims' files, decrypt and steal Signal messages on Windows devices, and steal cookies and saved passwords from LSASS and Chrome, Internet Explorer, Firefox, Safari, and Opera web browsers.
"DevilsTongue can also send messages as the victim on some of these websites, appearing to any recipient that the victim had sent these messages," as Microsoft researchers further found out.
"The protections we issued this week will prevent Sourgum's tools from working on computers that are already infected and prevent new infections on updated computers and those running Microsoft Defender Antivirus as well as those using Microsoft Defender for Endpoint."
News URL
Related news
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- “Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft: Windows 11 22H2 reaches end of support in 60 days (source)
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Microsoft fixes 6 zero-days under active attack (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- New Windows SmartScreen bypass exploited as zero-day since March (source)
- Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-14 | CVE-2021-33771 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
| 2021-07-14 | CVE-2021-31979 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |