Chrome zero-day used to infect journalists with Candiru spyware
2022-07-21 16:44

The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware.

In a report published earlier today, Avast's threat researchers, who discovered the vulnerability and reported it to Google, reveal that they unearthed it after investigating spyware attacks on their clients.

The spyware operators employed common watering hole attack tactics, compromising a website their targets will visit and exploiting an unknown vulnerability in the browser to infect them with spyware.

Interestingly, Avast discovered that the BYOVD (bring your own vulnerable driver) used by Candiru was also a zero-day, and even if the vendor pushes a security update, it won't help against the spyware because the vulnerable version comes bundled with it.

"We can't say for sure what the attackers might have been after; however, often, the reason why attackers go after journalists is to spy on them and the stories they're working on directly or to get to their sources and gather compromising information and sensitive data they shared with the press." - Avast.

Commercial spyware vendors are known for developing or buying zero-day exploits to attack persons of interest for their clients.


News URL

https://www.bleepingcomputer.com/news/security/chrome-zero-day-used-to-infect-journalists-with-candiru-spyware/