Security News > 2021 > July > Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments
Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru.
On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum.
"Candiru's apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab, part of the University of Toronto, said in its report.
The idea being, it seems, to lure visitors to webpages that exploited browser, Microsoft Office, and Windows bugs to not only infect PCs with DevilsTongue but also grant the spyware admin-level access.
Microsoft was able to fix the operating system flaws exploited by Candiru's software in this month's Patch Tuesday after Citizen Lab obtained a hard drive from "a politically active victim in Western Europe," it said.
"Based on our analysis, we assess that the Chrome and Internet Explorer exploits ... were developed and sold by the same vendor providing surveillance capabilities to customers around the world," Googlers Maddie Stone and Clement Lecigne noted, adding: "Citizen Lab published a report tying the activity to spyware vendor Candiru."
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/16/microsoft_candiru_malware/
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)