Israeli Spyware Vendor Uses Chrome 0day to Target Journalists

The spyware vendor Candiru used the Chrome zero-day in March 2022 to target journalists and other unsuspected victims in Palestine, Turkey, and Yemen and Lebanese journalists.

Antivirus firm Avast has identified a serious flaw in the Chrome browser. According to Avast’s report, the Chrome browser vulnerability, which Google patched earlier this month, is tracked as CVE-2022-2294.

The vulnerability is linked to Candiru aka Saito Tech, an Israel-based spyware vendor that offers governments hacking-for-hire services. It is worth noting that the flaw was identified by Avast and disclosed to Google on 1st July 2022, and a fix was released on 4th July with Chrome 103.

Vulnerability Details

Avast reported that someone exploited the zero-day flaw already to spy on Lebanese journalists. Like NSO Group’s Pegasus Spyware, Candiru’s spyware is also used by law enforcement agencies and governments to confront crime and terrorism.

However, as per Avast’s research, Candiru’s spyware was used to target political dissidents, journalists, and critics of authoritarian and repressive regimes. The US Commerce Department sanctioned Candiru for its involvement in anti-US activities.

Who Were the Targets?

According to Avast, Candiru used the Chrome zero-day in March 2022 to target people in Palestine, Turkey, and Yemen and Lebanese journalists. In Lebanon, Candiru also compromised a news agency website.

The screenshot shared by Avast shows the malicious code injected into the compromised website stylishblockcom

Avast malware researcher Jan Vojtěšek stated that it is currently unclear why the attackers targeted people in the Middle East, particularly journalists. However, the company is sure that its primary objective was to spy on them and collect sensitive data and information. Such an attack is a blatant violation of freedom of speech and press freedom.

How Was Zero-Day Exploited?

As per the Avast report, the attacker planted the Chrome zero-day exploit on the Lebanese news agency website to collect 50 data points from the target’s browser, which includes timezone, language, screen information, browser plugins, device type, and device memory.

Hence, the attacker ensured their target’s device was fully compromised before delivering the spyware payload, which Avast claims matches a Windows-based malware DevilsTongue and Microsoft uncovered it in a previous attack involving Candiru.

It is worth noting that this is government-grade spyware capable of stealing messages, call logs, and photos from the victim’s phone, as well as tracking their location in real-time. Users must quickly update the Chrome browser to stay protected. Separate patches have been released by Apple Safari and Microsoft Edge as these use WebRTC.

Your Chrome browser is likely one of the most important pieces of software on your computer. It’s where you do all your online work, so keeping it up-to-date is essential for your security and productivity. Here’s how to update Chrome on Windows, Mac, and Linux:

Windows: Open Chrome and go to the menu in the top right corner. Click “Help” and then “About Google Chrome.” If there’s an update available, you’ll be able to download it from there.

Mac: Open Chrome and go to the menu in the top left corner. Click “Chrome” and then “About Google Chrome.” If there’s an update available, you’ll be able to download it from there.

Linux: Open a terminal window and type “sudo apt update && sudo apt upgrade google-chrome-stable.

Related Posts