Tuesday, September 26, 2023

Hackers used zero days to infect Windows and Android devices

Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices.

Some of the exploits were zero days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers. (The two companies have since patched the security flaws.) Hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by targets of interest and inject code into them that installs malware on visitors’ devices. The booby-trapped sites used two exploit servers, one for Windows users and one for Android users.
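The injection step described above, where a compromised site is made to load code from a separate exploit server, is something a site operator can monitor for. The following is an added example written for this page, not code from Google or Ars Technica: it parses two constructed HTML snapshots of a site (a known-good baseline and a later capture), resolves the host each `<script src>` loads from, and flags external scripts whose host is outside an allow-list, as well as inline scripts that did not exist in the baseline. The hostnames, the allow-list and both snapshots are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect every <script> on a page: external src values and inline bodies."""

    def __init__(self):
        super().__init__()
        self.external = []      # src attribute of each external script
        self.inline = []        # text of each inline script
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_inline = True
                self.inline.append("")

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False


def collect_scripts(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser


def src_host(src, page_host):
    """Resolve the host a script src loads from; relative paths are same-origin.

    Protocol-relative URLs (//host/path) resolve to their host too, so an
    injected loader cannot hide behind a missing scheme."""
    host = urlparse(src).hostname
    return page_host if host is None else host.lower()


def find_unexpected_scripts(html, page_host, allowed_hosts):
    """Return external script sources loading from hosts outside the allow-list."""
    scripts = collect_scripts(html)
    permitted = set(allowed_hosts) | {page_host}
    return [s for s in scripts.external if src_host(s, page_host) not in permitted]


def new_inline_scripts(baseline_html, current_html):
    """Return inline script bodies present in the current capture but not in the baseline."""
    base = {s.strip() for s in collect_scripts(baseline_html).inline}
    return [s.strip() for s in collect_scripts(current_html).inline if s.strip() not in base]


# Constructed sample data (placeholders, not from the campaign on the page).
PAGE_HOST = "news.example.test"
ALLOWED_HOSTS = {"cdn.example-static.test"}

BASELINE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-static.test/lib.js"></script>
<script>window.siteConfig = {"edition": "us"};</script>
</head><body><p>Headline</p></body></html>"""

# The same page with a protocol-relative external loader and a new inline script added.
COMPROMISED_HTML = BASELINE_HTML.replace(
    "</body>",
    '<script src="//exploit-server.invalid/loader.js"></script>\n'
    '<script>/* injected, constructed */ stage2("windows");</script>\n</body>',
)


if __name__ == "__main__":
    for label, html in (("baseline", BASELINE_HTML), ("current", COMPROMISED_HTML)):
        print(label, "unexpected external:", find_unexpected_scripts(html, PAGE_HOST, ALLOWED_HOSTS))
    print("new inline scripts:", new_inline_scripts(BASELINE_HTML, COMPROMISED_HTML))
```

Running the block reports no findings for the baseline and two for the later capture: the loader fetched from `exploit-server.invalid` and the inline script that was not in the baseline. In practice the baseline would be refreshed on every legitimate deploy, and a finding would trigger a look at the page's change history rather than an automatic block.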

Using zero-day exploits and complex infrastructure is not in itself a sign of sophistication, but it does show above-average skill from a professional team of hackers. Combined with the robustness of the attack code, which chained several exploits together effectively, the campaign demonstrates that it was carried out by a “highly sophisticated actor”.

“These operating chains are designed to be efficient and flexible due to their modularity,” a researcher from Google’s Project Zero research team wrote. “This is a well-designed complex code with a variety of innovative harvesting methods, mature logging, sophisticated and calculated post-harvest techniques, and high volumes of anti-scan and targeting checks. We believe that teams of experts have designed and developed these exploit chains.”

The modularity of the payloads, the interchangeable exploit chains, and the maturity of the logging, targeting and operations also set the campaign apart, the researcher said.

The four zero days exploited were:

  • CVE-2020-6418 – Chrome vulnerability in TurboFan (fixed in February 2020)
  • CVE-2020-0938 – Font vulnerability on Windows (fixed in April 2020)
  • CVE-2020-1020 – Font vulnerability on Windows (fixed in April 2020)
  • CVE-2020-1027 – Windows CSRSS vulnerability (fixed in April 2020)

Attackers obtained remote code execution by exploiting the Chrome zero day and several recently patched Chrome vulnerabilities. The Windows zero days were used against Windows users. None of the attack chains targeting Android devices used a zero day, but Project Zero researchers said it was likely that the attackers had Android zero days available to them.

In all, Project Zero released six installments detailing the exploits and post-exploitation payloads its researchers discovered. The other parts describe a Chrome infinity bug, the Chrome exploits, the Android exploits, the Android post-exploitation payloads, and the Windows exploits.

The intention of the series is to help the security community as a whole fight complex malware operations more effectively. “We hope this series of blog posts provides others with an in-depth look at the exploitation of a mature, presumably well-resourced real-world actor,” the Project Zero researchers wrote.

This story originally appeared on Ars Technica, a trusted source for technology news, technology policy analysis, reviews, and more.
