Windows exploits and DevilsEye spyware are associated with the Israeli company Candiru

Specialists from ไมโครซอฟต์ และ Citizen Lab spoke about the DevilsEye spyware, which was developed by the Israeli company Candiru, and then sold to governments of different countries. DevilsEye detected at least 100 high-ranking targets on the systems, while 0-day vulnerabilities in browsers and Windows were used for infecting them.

The researchers say the Israeli company Candiru is behind the development of at least two exploits for zero-day vulnerabilities in Windows that have been used to attack and deploy the previously unknown DevilsEye spyware. This malware has affected politicians, human rights defenders, activists, journalists, นักวิชาการ, embassies and political dissidents around the world.

It is known that Candiru (Microsoft calls it the codename Sourgum) was founded in 2014. And although its vacancies have long made it clear that the company is engaged in cybersecurity issues, previously they knew almost nothing about Candiru’s activities. Now, thanks to reports from Microsoft and Citizen Lab, it’s clear that the company’s tools are helping its customers infect and take over control of iPhone, Android, Mac, พีซี, and cloud accounts.

Candiru is a secret Israeli company that exclusively sells spyware to governments.Citizen Lab said.

This spyware was first spotted by Citizen Lab researchers when they were conducting a cyber-forensic examination of a device belonging to an unnamedpolitical activist from Western Europe.By sharing their findings with Microsoft, researchers were able to locate at least 100 other DevilsEye victims in countries such as Palestine, Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, ไก่งวง, Armenia, and Singapore.

DevilsEye spread by luring victims to malicious sites hosting an exploit kit that abused various browser vulnerabilities to install malware on victimsdevices. Subsequently, in the second phase of the attack, a Windows exploit was used to allow attackers to elevate their privileges to administrator level.Microsoft experts write.

The researchers emphasize that the chain of attacks was complex and exploited until recently unknown zero-day vulnerabilities: in the Chrome browser (CVE-2021-21166 และ CVE-2021-30551), in Internet Explorer (CVE-2021-33742), and two more in Windows (CVE-2021-31979 และ CVE-2021-33771). Currently, manufacturers have already fixed all these problems.

The first three vulnerabilities were already mentioned in a recent report from Google, which also linked attacks on vulnerabilities in Chrome and IE to an unnamedcommercial surveillance company.Google said the bugs were sold to at least two groups ofgovernment hackerswho used them to attack targets in Armenia. Now Google has updated its report and also links the exploitation of these problems with Israeli Candiru.

DevilsTongue enables its carriers to steal victimsfiles, decrypt and steal messages from Signal on Windows devices, and steal cookies and saved passwords from Chrome, อินเทอร์เน็ต เอ็กซ์พลอเรอร์, ไฟร์ฟอกซ์, Safari and Opera browsers.

DevilsTongue may also use cookies stored on the victim’s computer for sites such as Facebook, ทวิตเตอร์, Gmail, Yahoo, Mail.ru, Odnoklassniki and Vkontakte to collect confidential information, read messages and extract photos. On some of the listed sites, the spyware can even send messages on behalf of the victim to other people. Some of the anti-spyware tools can prevent such a behaviour, but stopping it requires additional efforts.

Citizen Lab analysts say that Candiru’s hack-for-hire capabilities far exceed what Google and Microsoft experts have predicted. According to Citizen Lab, more than 750 domains have already been discovered that hosted Candiru, including large clusters in the UAE and Saudi Arabia, suggesting that these two countries are some of the company’s largest customers.

Some of these domains have masked as human rights organizations such as Amnesty International, the Black Lives Matter movement, and media companies, leading experts to conclude that the attacks were mainly directed against activists.

Christine Goodwin, Microsoft’s head of digital security, writes that companies like Candiru have been supplying cyber weapons to attackers for years, and governments in many countries use these hacking tools against civil society members, not to track down criminals. Goodwin calls for the fight against such companies, whose products are actively used to violate human rights.

A world in which private sector companies manufacture and sell cyber weapons is becoming more dangerous for consumers, businesses of all sizes, and even governments.Goodwin writes.

You can also read here that BIOPASS malware uses OBS Studio streaming software to record victim screens and วิธีกำจัดเครื่องมือเพิ่มประสิทธิภาพระบบปลอม Spyware Terminator?

เฮลก้า สมิธ

ฉันสนใจวิทยาการคอมพิวเตอร์มาโดยตลอด, โดยเฉพาะความปลอดภัยของข้อมูลและธีม, ซึ่งเรียกกันในปัจจุบันว่า "วิทยาศาสตร์ข้อมูล", ตั้งแต่วัยรุ่นตอนต้นของฉัน. ก่อนจะมาอยู่ในทีมกำจัดไวรัสในตำแหน่งหัวหน้าบรรณาธิการ, ฉันทำงานเป็นผู้เชี่ยวชาญด้านความปลอดภัยทางไซเบอร์ในหลายบริษัท, รวมถึงหนึ่งในผู้รับเหมาของ Amazon. ประสบการณ์อื่น: ฉันได้สอนในมหาวิทยาลัยอาร์เดนและรีดดิ้ง.

ทิ้งคำตอบไว้

เว็บไซต์นี้ใช้ Akismet เพื่อลดสแปม. เรียนรู้วิธีประมวลผลข้อมูลความคิดเห็นของคุณ.

ปุ่มกลับไปด้านบน