Candiru Spyware used zero-day vulnerability in Google Chrome to spy on journalists
Image courtesy:googlechrome/Twitter
On Thursday, The Israeli spyware vendor Candiru has been found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the ‘DevilsTongue’ spyware.
The flaw tracked as CVE-2022-2294 is a high-severity heap-based buffer overflow in WebRTC, which, if it gets exploited, may lead to code execution on the target device.
When Google patched the zero-day on July 4th, it revealed that the flaw was under active exploitation but provided no further details.
According to Bleeping Computer, in a report published earlier today, Avast’s threat researchers, who discovered the vulnerability and reported it to Google, reveal that they unearthed it after investigating spyware attacks on their clients.
According to Avast, in March 2022, Candiru started exploiting CVE-2022-2294, targeting users in Lebanon, Turkey, Yemen, and Palestine. The spyware operators employed common watering hole attack tactics, compromising a website their targets will visit and exploiting an unknown vulnerability in the browser to infect them with spyware.
“This attack is particularly nasty because it requires no interaction with the victim, such as clicking on a link or downloading something. Instead, all that’s needed is for them to open the site in Google Chrome or another Chromium-based browser,” a source as per Bleeping Computer.
