Google has released new details on a number of zero-day and n-day vulnerabilities that various attackers have used to target Android, iOS, and Chrome devices.
In an analysis published on its security blog, Google said it had detected cybercriminals targeting iOS users by exploiting vulnerabilities tracked as CVE-2022-42856 and CVE-2021-30900.
These vulnerabilities allowed hackers to install commercial spyware and malware on targeted endpoints, which included the installation of location trackers, the Google team said.
Long campaigns
The same cybercriminals targeted Android devices with ARM GPUs by exploiting CVE-2022-4135, CVE-2022-38181 and CVE-2022-3723. The researchers explained that the attackers used these vulnerabilities to install unknown types of malware.
“When ARM released the patch for CVE-2022-38181, several vendors including Pixel, Samsung, Xiaomi, Oppo and others did not include the patch, leaving attackers free to exploit the bug for several months,” the analysis reads.
In a separate campaign, Google observed cybercriminals targeting users of Samsung’s web browser in the United Arab Emirates, exploiting vulnerabilities CVE-2022-4262, CVE-2022-3038, CVE-2022-22706 and CVE-2023-0266. They exploited these vulnerabilities to deploy C++ spyware, which allowed them, among other things, to extract and decrypt data from various chat and browser applications.
According to Google, the attacks were “highly targeted”.
“These campaigns may also indicate that vendors of surveillance software are sharing exploits and techniques, enabling the spread of dangerous hacking tools.”
The Google Threat Analysis Group (TAG), which released the report, was alerted by the Amnesty International Security Lab, BleepingComputer reports, and the organization has published information regarding the domains and infrastructure used in these attacks.
“The newly discovered spyware campaign has been active since at least 2020, targeting mobile and desktop devices, including users of Google’s Android operating system,” Amnesty International said in its own report. “The spyware and zero-day exploits were delivered from a vast network of over 1,000 malicious domains, including domains disguised as media websites in many countries.”
By: BleepingComputer