Investigators with Google's Project Zero exploit research team reported a hacking campaign that involved four zero-day exploits—one in Chrome and three in Windows—to install malware on Android and Windows devices.
The hackers waged watering-hole attacks, which compromise websites frequented by targets of interest and taint them with code that installs malware on visitors' devices.
A Project Zero researcher wrote, "These exploit chains are designed for efficiency and flexibility through their modularity," adding that the exploits were likely crafted by teams of experts.
The attackers enabled remote code execution via the Chrome zero-day and several recently patched Chrome vulnerabilities, with all the zero-days employed against Windows users.
No zero-days were used to hack Android devices, but the researchers believe the hackers had such zero-days in their arsenal; they hope their disclosure of the exploits will help the security community to more effectively counter such complex malware campaigns.
From Ars Technica
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found