Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments
Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru.
On Thursday, Citizen Lab released a report fingering Candiru, an outfit Microsoft code-named Sourgum, as the maker of the espionage toolkit.
"Candiru's apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab, part of the University of Toronto, said in its report.
The idea, it seems, was to lure visitors to webpages that exploited browser, Microsoft Office, and Windows bugs, not only to infect PCs with DevilsTongue but also to grant the spyware admin-level access.
Microsoft was able to fix the operating system flaws exploited by Candiru's software in this month's Patch Tuesday after Citizen Lab obtained a hard drive from "a politically active victim in Western Europe," it said.
"Based on our analysis, we assess that the Chrome and Internet Explorer exploits ... were developed and sold by the same vendor providing surveillance capabilities to customers around the world," Googlers Maddie Stone and Clement Lecigne noted, adding: "Citizen Lab published a report tying the activity to spyware vendor Candiru."
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/16/microsoft_candiru_malware/