In early July 2022, Google patched a previously unknown vulnerability in its Chrome browser, known as CVE-2022-2294. The zero-day Chrome exploit only came to light after it was apparently used to spy on journalists in Lebanon.
Antivirus company, Avast, collated a report, which it delivered to Google detailing the zero-day exploit. In this report, Avast claims that Israeli spyware firm, Candiru, used the exploit to install spyware on the journalist’s computers.
It equally believes that the firm has used similar exploits to target Avast users in Turkey, Lebanon, Palestine and Yemen beginning in March of this year.
A zero-day exploit is, in short, a vulnerability in a piece of software that is unknown to the developers. They are typically discovered in the wild for this reason, and are known as zero-day because the developers have zero days in which to address the issue. This is because the vulnerability has the potential to cause damage from the moment it is discovered.
Avast alleges that Candiru used the above-mentioned exploit to gain access to user’s computers. It is believed to have compromised a website, which it used to redirect users to a server that could collect their data. If the data – collected on 50 data points such as location, language, time zone, etc. – met their requirements, the server would establish an encrypted channel.
Despite not claiming responsibility, Candiru is the prime suspect in the attack because the CVE-2022-2294 exploit was used to install the DevilsTongue spyware. This is a piece of malware previously linked to the group by Microsoft in a separate string of attacks.
In its report, Avast claims that the zero-day exploit was used alongside another vulnerability capable of bypassing the sandbox security function in Chromium. However, Avast has (as yet) been unable to determine the second exploit used by the alleged attackers.
Also Read: DDoS Attacks Are A Growing Threat In Gaming
Luckily, Google released a patch for the exploit on July 4. As such, there is no need for Chrome users to be concerned, providing browsers are kept up to date. Microsoft and Apple have released patches for their Edge and Safari browsers, too, as they also use WebRTC.
Candiru has not yet been officially connected to the incident, so its involvement is currently (albeit well-informed) speculation. However, the tools used and computers targeted matches its previous spyware attempts dating from 2021 and early 2022. As the company has no public online presence, this fact is unlikely to change anytime soon.
Are You Ready For This Year’s GITEX Shopper Event?
We’re excited to be media partners of this year’s GITEX Shopper event, an extravaganza bringing together all the big names and retailers in electronics.
GITEX Shopper, the giant 5-day electronics extravaganza, is getting ready to open its doors to the public between December 14 and 18 at the Dubai World Trade Center.
The expo brings together all of the top electronic brands and retailers and features huge discounts on all the best tech, plus prize draws, new product launches, interactive displays and much more.
Visitors to GITEX Shopper will be able to grab all of the latest products at the best prices, from gaming consoles and speakers to drones, TV sets, and even e-scooters. This 5-day shopping extravaganza offers exclusive discounts on selected items that can’t be found elsewhere, and there are plenty of shows and demonstrations at the expo to keep the whole family entertained.
To join over 100,000 people at this year’s GITEX Shopper and grab some of 2022’s biggest bargains, head over to the official website to register your interest.