Candiru Spyware Targeted Journalists in the Middle East by Exploiting Chrome Zero Day

Alleged Russian attack spread misinformation across Ukrainian radio stations, Biden administration probes use of Huawei cell tower gear near military bases, Google backtracks on permission apps, more

Researchers at Avast linked the discovery of an actively exploited but since-fixed zero day vulnerability in Google Chrome to Candiru, also known as Saito Tech, to an Israeli spyware maker targeting journalists in the Middle East. Candiru was sanctioned last year by the U.S. Commerce Department for engaging in activities contrary to U.S. national security.

Avast said it observed Candiru in March using the Chrome zero-day exploit for targeting individuals in Turkey, Yemen, and Palestine and journalists in Lebanon, where Candiru compromised a website used by employees of a news agency. The Chrome zero-day exploit planted on the Lebanese news agency’s website was designed to collect about 50 data points from a victim’s browser, including its language, timezone, screen information, device type, browser plugins, and device memory, likely to ensure that only the…