Hackers used spyware made in Spain to target users in the UAE, Google says

In November 2022, Google revealed the existence of a previously unknown spyware vendor called Variston. Now, Google researchers say they have seen hackers using Variston's tools in the United Arab Emirates.

In a report published on Wednesday, Google's Threat Analysis Group (TAG) says it has discovered hackers targeting people in the UAE who use Samsung's stock Android browser, a customized version of Chromium. The hackers used a set of vulnerabilities that were chained together and delivered via one-time web links sent to targets by text message. Of the four vulnerabilities in the chain, two were zero-days at the time of the attack, meaning they had not yet been reported to the software maker and were unknown to it, according to TAG's new blog post.

If a target clicks on one of the malicious web links, they are redirected to a landing page “identical to the one TAG examined in the Heliconia framework developed by the commercial spyware vendor Variston.” (Both campaigns use the same exact and unique landing page, Google tells TechCrunch.) Once exploited, victims are infected with a “full-featured Android spyware suite” designed to collect data from browser and chat apps, according to the post.

“The actor using the exploit chain to target UAE users could be a customer or partner of Variston, or otherwise work closely with the spyware vendor,” the blog post reads.

It is not clear who is behind the hacking campaign or who the victims are. A Google spokesperson told TechCrunch that TAG observed about 10 malicious web links in the wild. Google says some of the links redirected to StackOverflow after the exploit ran, which could indicate an attacker's test device.

Samsung did not respond to a request for comment.

Ralf Wegener and Ramanan Jayaraman are the founders of Variston, according to Online Knowledge, an online news publication covering the surveillance industry. Neither founder responded to a request for comment. Variston is headquartered in Barcelona, Spain. According to Italian business registration filings, Variston acquired the Italian zero-day research firm Truel in 2018.

Google also said on Wednesday that it had discovered hackers exploiting an iOS zero-day bug, patched in November, to remotely install spyware on users' devices. Researchers say they observed attackers abusing the security vulnerability as part of an exploit chain targeting iPhone owners running iOS 15.1 or later in Italy, Malaysia, and Kazakhstan.

The vulnerability, found in the WebKit browser engine that powers Safari and other apps, was first discovered and reported by Google TAG researchers. Apple patched the bug in December, confirming at the time that the company was aware the vulnerability had been actively exploited “against versions of iOS released before iOS 15.1”.

The hackers also used a second iOS vulnerability, described as a PAC bypass technique, that Apple fixed in March 2022. Google researchers say it is the same technique used by the North Macedonian spyware developer Cytrox to install its Predator spyware. Citizen Lab previously published a report highlighting the widespread use of the Predator spyware by governments.

Google also observed hackers exploiting a chain of three Android bugs, including one zero-day vulnerability, that targets devices with ARM-based graphics chips. Google says ARM has released a fix, but some vendors, including Samsung, Xiaomi, Oppo and Google itself, had not integrated the patch, leading to “a situation where attackers were able to freely exploit the bug for several months.”

Google said the discovery of these new attack campaigns was “a reminder that the commercial spyware industry continues to thrive. Even smaller surveillance providers have access to zero-day vulnerabilities, and their secret stockpiling and use of zero-day vulnerabilities poses a serious risk to the Internet.”

“These campaigns may also indicate that exploits and techniques are being shared among surveillance providers, allowing the dissemination of dangerous hacking tools,” the blog reads.
