Security News > 2022 > November > Google discovers Windows exploit framework used to deploy spyware

Google's Threat Analysis Group has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company.

While TAG is Google's team of security experts focused on protecting Google users from state-sponsored attacks, it also keeps track of dozens of companies that enable governments to spy on dissidents, journalists, and political opponents using surveillance tools.

The sample of this framework analyzed by Google contained a dummy agent that runs and exits without executing any malicious code.

During the attacks, the targets were prompted to install malicious apps in drive-by-downloads to get back online after their Internet connection was cut off with the help of their ISP. One month earlier, Google TAG exposed another surveillance campaign when state-backed threat actors exploited five zero-day bugs to install Predator spyware developed by commercial spyware developer Cytrox.

"The growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups," Google TAG added today.

"These abuses represent a serious risk to online safety which is why Google and TAG will continue to take action against, and publish research about, the commercial spyware industry."

News URL

https://www.bleepingcomputer.com/news/security/google-discovers-windows-exploit-framework-used-to-deploy-spyware/