Security News > 2022 > May > Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks
A new report from Google's Threat Analysis Group exposes the use of five different zero-day vulnerabilities targeting Chrome browser and Android operating systems.
Google assesses with high confidence that these exploits have been packaged by a single commercial surveillance company named Cytrox.
The new research from Google explains that Cytrox sells these new exploits to government-backed actors, who then used them in three different attack campaigns.
According to Google, it was sold by an exploit broker and probably abused by several surveillance vendors.
Analysis of the exploit identified two different Chrome vulnerabilities, CVE-2021-37973 and CVE-2021-37976.
After the sandbox escape was successful, the exploit downloaded another exploit to elevate the user's privileges and install the implant.
News URL
https://www.techrepublic.com/article/packaged-zero-day-vulnerabilities-android-attacks/
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies
- Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
- Microsoft fixes two Windows zero-days exploited in malware attacks
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-08 | CVE-2021-37976 | Missing Authorization vulnerability in multiple products. Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2021-10-08 | CVE-2021-37973 | Use After Free vulnerability in multiple products. Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |