Candiru Spyware Targeted Journalists in the Middle East by Exploiting Chrome Zero Day
Alleged Russian attack spread misinformation across Ukrainian radio stations, Biden administration probes use of Huawei cell tower gear near military bases, Google backtracks on permission apps, more
Metacurity is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
Researchers at Avast linked the discovery of an actively exploited but since-fixed zero-day vulnerability in Google Chrome to Candiru, also known as Saito Tech, an Israeli spyware maker targeting journalists in the Middle East. Candiru was sanctioned last year by the U.S. Commerce Department for engaging in activities contrary to U.S. national security.
Avast said it observed Candiru in March using the Chrome zero-day exploit for targeting individuals in Turkey, Yemen, and Palestine and journalists in Lebanon, where Candiru compromised a website used by employees of a news agency. The Chrome zero-day exploit planted on the Lebanese news agency’s website was designed to collect about 50 data points from a victim’s browser, including its language, timezone, screen information, device type, browser plugins, and device memory, likely to ensure that only the…