Google: These Serious Security Threats Target Android and iOS Devices


Google has released new details about several zero-day and n-day vulnerabilities that various threat actors have used to compromise Android, iOS, and Chrome devices.

In an analysis published on its security blog, Google said it detected threat actors targeting iOS users with vulnerabilities tracked as CVE-2022-42856 and CVE-2021-30900.

These vulnerabilities allowed hackers to install spyware and commercial malware on targeted devices, which, among other things, included installing location trackers, the Google team said.

Long campaigns

The same threat actors targeted Android devices with ARM GPUs, using CVE-2022-4135, CVE-2022-38181, and CVE-2022-3723. They used these flaws to install unknown types of malware, the researchers explained.

"When ARM released a patch for CVE-2022-38181, several vendors including Pixel, Samsung, Xiaomi, Oppo and others failed to implement the patch, resulting in a situation where attackers were free to exploit the bug for several months," the analysis said.

In a separate campaign, Google looked at threat actors targeting UAE users of Samsung's internet browser with CVE-2022-4262, CVE-2022-3038, CVE-2022-22706, and CVE-2023-0266. They would use these flaws to deploy C++ spyware that would allow them, among other things, to extract and decrypt data from different chat and browser applications.

The attacks were "highly targeted," Google said.

"These campaigns may also indicate that surveillance providers share exploits and techniques, allowing for the proliferation of dangerous hacking tools."

Google's Threat Analysis Group (TAG), which published the report, was notified by Amnesty International's security lab, BleepingComputer reports, because that organization published information about the domains and infrastructure used in these attacks.

"The newly discovered spyware campaign has been active since at least 2020 and is targeting mobile and desktop devices, including users of Google's Android operating system," Amnesty International said in its own report. "The spyware and zero-day exploits were delivered from a large network of more than 1000 malicious domains, including domains that spoof media websites in multiple countries."

Via: BleepingComputer