
Hackers used spyware made in Spain to target users in the UAE, Google says

In November 2022, Google revealed the existence of a then-unknown spyware vendor called Variston. Now, Google researchers say they have seen hackers use Variston’s tools in the United Arab Emirates.

In a report published on Wednesday, Google’s Threat Analysis Group (TAG) said it discovered hackers targeting people in the UAE who used Samsung’s native Android browser, which is a customized version of Chromium. The hackers used a set of vulnerabilities chained together and delivered via one-time web links sent to the targets by text message. Of the four vulnerabilities in the chain, two were zero-days at the time of the attack, meaning they had not been reported to the software maker and were unknown at that point, according to the new blog post by TAG.

If a target clicked on the malicious web links, they would have been directed to a landing page “identical to the one TAG examined in the Heliconia framework developed by commercial spyware vendor Variston.” (Both campaigns used the same exact and unique landing page, Google told TechCrunch.) Once exploited, the victim would have been infected with “a fully featured Android spyware suite” designed to capture data from chat and browser apps, according to the post.

“The actor using the exploit chain to target UAE users may be a customer or partner of Variston, or otherwise working closely with the spyware vendor,” the blog post read.

It’s unclear who is behind the hacking campaign or who the victims are. A Google spokesperson told TechCrunch that TAG observed about 10 malicious web links in the wild. Some of the links redirected to StackOverflow after exploitation and may have been the attacker’s test devices, Google said. TAG said it wasn’t clear who was behind the hacking campaign.

Samsung did not respond to a request for comment.

Ralf Wegener and Ramanan Jayaraman are the founders of Variston, according to Intelligence Online, an online news publication that covers the surveillance industry. Neither founder responded to a request for comment. Variston is headquartered in Barcelona, Spain. According to business registration records in Italy, Variston acquired the Italian zero-day research company Truel in 2018.

Google also said on Wednesday that it discovered hackers exploiting an iOS zero-day bug, patched in November, to remotely plant spyware on users’ devices. The researchers say they observed attackers abusing the security flaw as part of an exploit chain targeting iPhone owners running iOS 15.1 and older located in Italy, Malaysia and Kazakhstan.

The flaw was found in the WebKit browser engine that powers Safari and other apps, and was first discovered and reported by Google TAG researchers. Apple patched the bug in December, confirming at the time that the company was aware that the vulnerability was actively exploited “against versions of iOS released before iOS 15.1.”

Hackers also used a second iOS vulnerability described as a PAC bypass technique that was fixed by Apple in March 2022, which Google researchers say is the exact technique used by North Macedonian spyware developer Cytrox to install its Predator spyware. Citizen Lab previously released a report highlighting widespread government use of the Predator spyware.

Google also observed hackers exploiting a chain of three Android bugs targeting devices running an ARM-based graphics chip, including one zero-day. Google said ARM released a fix, but several vendors — including Samsung, Xiaomi, Oppo, and Google itself — did not incorporate the patch, resulting in “a situation where attackers were able to freely exploit the bug for several months,” Google said.

The discovery of these new hacking campaigns is “a reminder that the commercial spyware industry continues to thrive,” says Google. “Even smaller surveillance vendors have access to 0-days, and vendors stockpiling and using 0-day vulnerabilities in secret poses a severe risk to the Internet.”

“These campaigns may also indicate that exploits and techniques are being shared between surveillance vendors, enabling the proliferation of dangerous hacking tools,” the blog read.

Hackers used spyware made in Spain to target users in the UAE, Google says by Lorenzo Franceschi-Bicchierai originally published on TechCrunch

https://techcrunch.com/2023/03/29/hackers-variston-spyware-uae-google/

