Chrome Gets Infected with Israeli Spyware to Spy on Journalists

It has recently come to light that a Google Chrome zero-day is being exploited by an Israeli spyware vendor, Candiru. The spyware in question goes by the name of 'DevilsTongue.' It is being aimed at high-profile individuals and journalists.

We can blame Google here because when they launched Zero Day earlier this month, they also announced that the flaw was under exploitation but refused to comment any further. Even the spyware itself was discovered not by Google but by Avast, which found it while investigating attacks on some of its clients and immediately reported it to Google.

Candiru started its work back in May. Its main targets at the time were Lebanon, Palestine, and Turkey. The worst thing about the software is that it does not require direct contact with the user. The spyware doesn't ask users to click links or open up any software. Simply opening up Chrome or Chrome-based browsers will get the job done.

The data collected, after carefully filtering out which victim to target, includes a lot of personal information: the victim's language, time zone, device memory, browser plug-ins, referrer, and similar items.

As for Avast, when they tried to recover how the system works through one of their cases, they hit a dead end. The whole execution took place as shellcode execution and has a sandbox flaw attached as well, which made it impossible for Avast to work out. They did find out that even if Google tries to update the Zero-day, escaping the spyware will not be possible since the vulnerable version will still be attached.

Avast was successful in coming up with a possible theory of the attack, though. The reason why Candiru targeted journalists was to either steal or take a look at their stories. What other reason could be behind the selective interest in just journalists?

As a preventative measure, Apple is going to launch a new ‘Lockdown Mode’ which will restrict excessive access. As for Google, they will have to implement new Zero-days. Until then, no one is safe.
