Malware 'Dante' Attacks Chrome Users Through Zero-Day Gaps, Allegedly Made By Italian Companies

'Dante' malware is classified as commercial spyware (photo: x @StringsVsAtoms)

The cyber world was again rocked by a new report from Kaspersky revealing the spread of a dangerous malware called 'Dante', which takes advantage of a zero-day gap in Google Chrome. This exploitation is carried out via phishing email that directs victims to malicious sites, then executes the code without the user's knowledge.

Although known to be safe, Chrome turned out to be not a fort without a gap. According to a Bleeping Computer report, the attack targeted a number of institutions in Russia, including media, educational institutions, and financial institutions. Malware 'Dante' itself is classified as a commercial spyware, allegedly developed by an Italian company called Memento Labs, formerly known as a Hacker Team name that was controversial because of its involvement in the provision of digital espionage tools.

Kaspersky explained that the attack began when the victim received a fake invitation email to attend the Primakov Readings forum, a prestigious academic event in Russia. When the recipient clicked on the link in the email, they were directed to a legitimate website, then the behind-the-scenes system verified visitors before executing the zero-day exploit in Chrome. Once the gap is exploited, the Dante malware is downloaded and installed secretly on the victim's device.

From Operation ForumTroll to official report

The attack was first detected in March 2025 as part of a cyber operation called Operation ForumTroll, which is suspected of focusing on targeting Russian institutions. However, technical details on how malware works and its deployment lines have only been published in depth by Kaspersky recently.

According to reports, 'Dante' is capable of monitoring user activity, stealing data, and sending confidential information to a command-and-control server that is operated anonymously. Kaspersky also found that several other tools in the operation had source codes similar to Memento Labs' old projects, strengthening their alleged involvement.

Although technical evidence points to Memento Labs, Kaspersky and Bleeping Computer both emphasize that there is no absolute confirmation of who is behind this exploit. It is possible that other parties use the company's technology to carry out attacks independently.

Once this zero-day gap is identified, Google will immediately release a security update for Chrome to cover the Dante vulnerabilities. Users are advised to immediately update the browser to the latest version and be more alert to suspicious emails, especially those requesting link or download click.

This case serves as a reminder that even the most popular platforms are not immune to zero-day attacks, and that phishing is still the world's main weapon of cyberspace is simple, but very effective. The digital world continues to emphasize one thing: security is not about devices, but about how quickly we recognize the scam