Hackers took advantage of a Google Chrome bug to spy on journalists

Google fixed “zero-day vulnerability” in your browser Chromium, which was used by a group of cybercriminals involved in spying on the activities of various journalists around the world. This decree was baptized as CVE-2022-2294 was discovered after a series of cyberattacks against users Avast in middle Asia and Google fixed it on July 4, 2022.

Avast Threat Intelligencepart of the team at the cybersecurity firm that owns the antivirus of the same name reported this vulnerability Mountain View after its discovery.

Since the company quickly fixed this bug so that it doesn’t hurt more users, all you have to do is download the latest update from Google Chrome to protect against exploit. In addition, other web browsers based on chromium they have already released their updates, so their users will also be safe after downloading them.

Who has used this Google Chrome bug?

Although the main interest of the report Avast should have notified Google To fix the bug as soon as possible, the firm also claims that it was able to identify a group of cybercriminals who exploited this hitherto unknown vulnerability. A team of researchers traced attacks in the Middle East back to Israeli-made spyware, with which they were also able to decipher that journalists from Lebanon as well as other users Turkey, Yemen D Palestine.

In particular, Avast links the attacks and evolution of this computer virus to Candiru, a spyware vendor whose customers are some of the governments in the territory. In July 2022 microsoft also found that the group was spying on Spanish users through its software. sour cream.

How were cyberattacks carried out through Google Chrome?

Avast mentions that this type of attack allows you to get a profile Chromium of your victim using a set of 50 factors such as language, time zone, device type, installed plugins, referrer location, device memory, cookie functionality, and more.

With this information, cybercriminals They determined if their victim actually had what they were looking for, and after confirming this, they proceeded to exploit through an encrypted channel to exploit the browser’s zero-day vulnerability using software known as devil tongue (devil tongue).

Once launched on the victim’s computer, this powerful spyware begins to elevate its privileges to gain full access to the computer, being able to perform actions such as writing the user through it. Webcam D microphonerecord keystrokes, filter messages, and access your browsing history, geolocation, and even passwords.

“AT Lebanon, the attackers apparently hacked into a website used by employees of the news agency. We cannot say exactly what attackers might be looking for, however often the reason attackers go after journalists is to spy on them and learn stories they are working on directly, or to get to their sources and gather incriminating information and confidential data. which they shared with the press”said Jan Voiteshekmalware researcher in Avast.

Like the PROGAMER fanpage on Facebook to keep you up to date with the latest video games, anime, comics and geek culture news. In addition, you can also listen to our PROGAMER Podcast on the RPP Podcast, iTunes and Spotify. To hear better, #StayHome.