Security News > 2024 > February > Google Threat Analysis Group’s Spyware Research: How CSVs Target Devices and Applications

Google is currently tracking more than 40 CSVs, most of which are highly technical with the ability to develop spyware and zero-day exploits to compromise their targets, particularly on Android and iOS devices.

Read details about what CSVs target, how spyware is used, CSVs' harmful impact on individuals and society and how businesses can mitigate these cybersecurity threats.

Google estimates the number of CSVs worldwide is impossible to count; also, CSVs may change their names multiple times to avoid public scrutiny, often in response to exposure or direct legal actions against them.

Google products are heavily targeted by CSVs. According to Google, CSVs are behind half of the known zero-day exploits targeting Google products such as Chrome and the Android ecosystem, which is not surprising, as CSVs mostly run spyware targeting either Android or iOS mobile phones.

Google's Threat Analysis Group has observed an acceleration in the discovery of zero-day exploits, including those attributed to CSVs. From 2019 to 2023, 53 zero-day exploits were discovered, and 33 of them were attributed to CSVs. CSVs can cost several million USD. The price tags for CSVs' services can be in the millions.

How vulnerability researchers protect against CSVs. Actors in the vulnerability research field help protect against CSVs by reporting vulnerabilities to software vendors so that zero-day vulnerabilities get patched, yet the time of reaction from the initial report to the release of the patch might take weeks or months.

News URL

https://www.techrepublic.com/article/google-threat-analysis-group-spyware/