The Threat Analysis Group (TAG) of Google unveiled recently that commercial spyware vendors targeted Android and iOS devices using zero-day vulnerabilities patched last year.
In November 2022, the first campaign was discovered by security analysts targeting iOS and Android users. While in that campaign, it was identified that the attackers used separate exploit chains to hack both platforms.
As far as targeting was concerned, both campaigns had a very distinct and limited target audience base. They exploited the time gap between the release and deployment of a fix to targeted devices.
Governments that couldn’t develop these capabilities in-house are armed with these hacking tools. Depending on the national or international laws in place, it may be legal for surveillance technologies to be used.
Governments often target the following entities through the use of these surveillance tools and technologies:-
A TAG analysis of bit(.)ly links sent over text messages to users in the following countries in November 2022 identified exploit chains with 0-day exploits affecting Android and iOS platforms:-
All the victims are redirected to the malicious pages containing the exploits for Android or iOS, which happens when users click on the links. After that, certainly, they were redirected to genuine websites.
The genuine websites where the threat actors redirect the users are:-
Here below, we have mentioned all the vulnerabilities that the threat actors exploit during these two campaigns:-
A C++-based spyware suite for Android was successfully deployed at the end of the exploit chain. It contained libraries developed to decrypt and extract data from various browsers and chat applications.
Amnesty International’s Security Lab shared information about discovering these exploit chains due to its findings.
Here below, we have mentioned all the related IOCs:-
Google has already reported all these vulnerabilities to the vendors to protect the users.
If Google doesn’t recognize the quick response and patching of these vulnerabilities by the following companies that need to address them will be remiss:-
Patching is one of the most important things that need to be accomplished. However, these exploit chains would not be able to impact a user who had a fully updated device.
As a result of such campaigns, it is important to remember that the commercial spyware market continues to flourish.
0-day vulnerabilities are accessible to even small surveillance vendors. The Internet is at high risk when vendors stockpile and use 0-day vulnerabilities in secret since they pose a serious security risk for users.
Are You a Pentester? – Try Free Automated API Penetration Testing
Iranian APT42 Deploys Custom Android Spyware to Spy on Targets of Interest
24-Year-Old Australian Hacker Arrested For Creating and Selling Spyware
Google Chrome 0-Day Vulnerability Exploited in The Wild To Deploy Spyware
ISPs Helped Hackers to Infect Smartphones with Hermit Spyware
A New zero-click iMessage Exploit Used to Install NSO Group Spyware on iPhones
The third Beta version of Security Onion 2.4 is made available by Security Onion Solutions.…
The Leak discloses Address, Vehicle Identification Number (VIN), Email address, Phone number, Name, and Vehicle…
Dark Pink has successfully targeted 13 organizations across 9 countries, highlighting the extent of their…
This vulnerability exists due to improper processing, validation, and sanitization of the names of the…
This vulnerability could be used by authors on a site to manipulate any files in…
In today's interconnected world, where digital communication and transactions dominate, phishing attacks have become an…