Sign In

Communications of the ACM

ACM TechNews

Hackers Used Four Zero-Days to Infect Windows, Android Devices


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
 The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by targets of interest and lace the sites with code that installs malware on visitors devices.

Google researchers uncovered a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices.

Credit: Getty Images

Investigators with Google's Project Zero exploit research team reported a hacking campaign that involved four zero-day exploits—one in Chrome and three in Windows—to install malware on Android and Windows devices.

The hackers waged watering-hole attacks, which compromise websites frequented by targets of interest and taint them with code that installs malware on visitors' devices.

A Project Zero researcher wrote, "These exploit chains are designed for efficiency and flexibility through their modularity," adding that the exploits were likely crafted by teams of experts.

The attackers enabled remote code execution via the Chrome zero-day and several recently patched Chrome vulnerabilities, with all the zero-days employed against Windows users.

No zero-days were used to hack Android devices, but the researchers believe the hackers had such zero-days in their arsenal; they hope their disclosure of the exploits will help the security community to more effectively counter such complex malware campaigns.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found