JAKARTA - Google's Threat Analysis Group (TAG) has found hackers targeting citizens of the United Arab Emirates (UAE), many of whom use Samsung's stock Android browser.
In November 2022, Google first revealed the existence of a lesser-known spyware vendor named Variston, based in Barcelona, Spain. Now, in a recent report, Google reveals how hackers are using the vendor's tooling.
The hackers sent one-time links via SMS to targets whose devices were located in the UAE.
The links directed users to a landing page identical to those TAG had examined as part of the Heliconia framework, developed by commercial spyware vendor Variston.
The exploit chain ultimately delivers a full-featured Android spyware package written in C++, including a library for decrypting and capturing data from various chat and browser applications.
"Actors who use the exploit chain to target UAE users may be Variston customers or partners, or work closely with spyware vendors," Google TAG said in an official blog post.
However, TAG said it was unclear who was behind the hacking campaign. It did not stop there: in the same year, TAG also found a zero-day exploit chain affecting Android and iOS users, delivered as bit.ly links sent via SMS to install spyware remotely on users' devices.
The targeted users of Apple's and Google's operating systems were mostly located in Italy, Malaysia and Kazakhstan. When clicked, the links directed visitors to pages hosting exploits for Android or iOS,
and then redirected them to legitimate websites, such as the shipment-tracking page of the Italy-based shipping and logistics company BRT or popular Malaysian news websites.
Apple patched the bug a month later, after realizing the vulnerability was being actively exploited on iOS versions released before iOS 15.1.
The hackers also used a second iOS vulnerability, described as a PAC bypass technique and fixed by Apple in March 2022, which Google researchers say is the exact technique used by North Macedonian spyware developer Cytrox to install its Predator spyware.
The discovery of this new hacking campaign is a reminder that the commercial spyware industry continues to grow rapidly.
"Even smaller surveillance vendors have access to 0-days, and vendors who hoard and use 0-day vulnerabilities in secret pose a huge risk to the Internet," said Google TAG, as quoted by TechCrunch on Thursday, March 30.
"This campaign also shows that exploits and techniques are shared among surveillance vendors, enabling the proliferation of malicious hacking tools," the group added.