Google Reveals Two Spyware Campaigns Involving Zero Day Flaws
Microsoft patched serious bug in Bing, Thousands of individuals and companies targeted in hack-for-hire campaign, FDA medical device security rules kick in, Lawmakers say DEA still pays for data, more
Researchers from Google revealed two targeted spyware campaigns involving several zero-day exploits for Android, iOS, and mobile versions of the Chrome browser.
One campaign targeted people in Italy, Malaysia, and Kazakhstan, while the other operated in the United Arab Emirates (UAE). In the first campaign, identified in November 2022, the hackers installed a tool to track the location of devices in Italy, Malaysia, and Kazakhstan. The TAG researchers found that hackers delivered the spyware to Android and Apple devices through bit.ly links sent over SMS.
When victims clicked on the links, they were taken to a webpage that installed spyware for either device brand and then redirected to the “track shipments” page for Italian-based shipment and logistics company BRT or a popular Malaysian news website.
The goal of the second campaign, uncovered in December 2022, was the installation of a spyware suite that allowed hackers to decrypt data and steal info…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.