Candiru Spyware Targeting Journalists by Exploiting Google Chrome Zero-Day

It was found by a Czech cybersecurity firm Avast that the Candiru, or Saito Tech, was directly linked to the exploitation of the Google Chrome zero-day flaw. Candiru has had a history of using previously unknown flaws to their advantage by deploying Windows malware. This malware was named DevilsTongue and had a modular implant with Pegasus-like capabilities. 

After the revelation, Candiru has added to the entity list by the US Commerce Department for engaging in malicious cyber activities. Candiru was joined by NSO Group, Positive Technologies, and Computer Security Initiative Consultancy PTE. LTD. 

Candiru mainly took advantage of a vulnerability called CVE-2022-2294, which is memory corruption. This corruption occurs in the WebRTC component of the Google Chrome browser leading to shellcode execution. 

The same issue was found in Apple’s Safari and Microsoft’s Edge browsers but has since been patched. Google also addressed the issue in July.

These findings by Avast bring to light the multiple attack campaigns that Israeli hack-for-hire vendors have mounted. They had previously been inactive but have now returned with a revamped toolset in March 2022. The main target of their attacks seems to be users in Palestine, Yemen, Turkey, and Lebanon.

The users are being attacked by watering hole attacks, which use zero-day exploits for Google Chrome. The infection sequence commences with the attacker compromising a news agency website by injecting malicious JavaScript code. 

Spotted first in Lebanon, the attackers would inject the malicious code through an actor-controlled domain responsible for redirecting potential victims to an exploitative server. Through this watering hole technique, a profile is created consisting of 50 data points about the victim’s profile.

The data collected includes screen information, device type, referrer, timezone, screen information, language, browser plugins, etc.

Read also:

By Abdul Wahab

Abdul Wahab is a Software Engineer by profession and a Tech geek by nature. Having been associated with the tech industry for the last five years, he has covered a wide range of Tech topics and produced well-researched and engaging content. You will mostly find him reviewing tech products and writing blog posts. Binge-watching tech reviews and endlessly reading tech blogs are his favorite hobbies.

Show Buttons
Hide Buttons