Google has published new details on multiple zero-day and n-day vulnerabilities that different threat actors have been using to compromise Android, iOS, and Chrome devices.
In an analysis published on its security blog, Google said it spotted threat actors targeting iOS users with vulnerabilities classified as CVE-2022-42856 and CVE-2021-30900.
These vulnerabilities allowed hackers to install commercial spyware and malware on target endpoints, which, among other things, included installing location trackers, Google’s team said.
The same threat actors targeted Android devices with ARM GPUs using CVE-2022-4135, CVE-2022-38181, and CVE-2022-3723. They used these flaws to install unknown types of malware, the researchers explained.
“When ARM released a fix for CVE-2022-38181, several vendors, including Pixel, Samsung, Xiaomi, Oppo and others, did not incorporate the patch, resulting in a situation where attackers were able to freely exploit the bug for several months,” the analysis reads.
In a separate campaign, Google observed threat actors targeting users of Samsung’s Internet Browser in the United Arab Emirates, going after CVE-2022-4262, CVE-2022-3038, CVE-2022-22706, and CVE-2023-0266. They used these flaws to deploy C++ spyware that allowed them, among other things, to extract and decrypt data from different chat and browser apps.
The attacks were “highly targeted”, Google said.
“These campaigns may also indicate that exploits and techniques are being shared between surveillance vendors, enabling the proliferation of dangerous hacking tools.”
Google’s Threat Analysis Group (TAG), which published the report, was tipped off by Amnesty International’s Security Lab, BleepingComputer reports, as that organization published information regarding domains and infrastructure used in these attacks.
“The newly discovered spyware campaign has been active since at least 2020 and targeted mobile and desktop devices, including users of Google’s Android operating system,” Amnesty International said in its own report. “The spyware and zero-day exploits were delivered from an extensive network of more than 1000 malicious domains, including domains spoofing media websites in multiple countries.”
Via: BleepingComputer