Security News > 2022 > July > Chrome zero-day used to infect journalists with Candiru spyware
The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware.
In a report published earlier today, Avast's threat researchers, who discovered the vulnerability and reported it to Google, reveal that they unearthed it after investigating spyware attacks on their clients.
The spyware operators employed common watering hole attack tactics, compromising a website their targets will visit and exploiting an unknown vulnerability in the browser to infect them with spyware.
Interestingly, Avast discovered that the vulnerable driver Candiru used in its BYOVD ("bring your own vulnerable driver") step was also a zero-day, and even if the driver's vendor pushes a security update, it won't help against the spyware because the vulnerable version comes bundled with it.
"We can't say for sure what the attackers might have been after; however, often, the reason why attackers go after journalists is to spy on them and the stories they're working on directly or to get to their sources and gather compromising information and sensitive data they shared with the press." - Avast.
Commercial spyware vendors are known for developing or buying zero-day exploits to attack persons of interest for their clients.