Google researchers detected two spyware campaigns that were using various zero-day exploits alongside n-day exploits to target Android, iOS, and Chrome.
The campaigns were found to be taking advantage of the time gap between releasing the zero-day bug fix and its deployment in end-user’s device.
The first campaign targeted users by sending short links using text messages that would lead them to a website that delivered the exploit. The link would then redirect them to legitimate websites such as the page to track shipments, or a popular Malaysian website to avoid detection
The campaign was also found to be sharing the GPS location of devices while allowing attackers to install application archive files on iOS devices, Google’s Threat Analysis Group said in a blog post.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
In Android, the campaign was found to target phones with ARM GPU running Chrome and were using Intent Redirection to deliver three exploit loads.
The second campaign, discovered by Amnesty International, contained a complete exploit chain consisting of multiple zero-day vulnerabilities targeting the latest versions of Samsung’s internet browser.
The campaign was found to be using a landing page identical to the one developed by commercial spyware vendor Variston to deliver exploits. These exploits were found to deliver a fully featured Android spyware suite that included libraries for decrypting and capturing data from various chat and browser applications.
The campaigns, bearing the hallmarks of state-sponsored campaigns, affected users in Italy, Malaysia, and Kazakhstan, while the second campaign was found to target users in the United Arab Emirates (UAE).
“Unscrupulous spyware companies pose a real danger to the privacy and security of everyone. We urge people to ensure they have the latest security updates on their devices,” said Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab.
In a step to address spyware, the U.S. President, on Monday, signed an executive order restricting the government’s use of commercial spyware technology that poses a threat to human rights.
