Hacking campaign exploited zero-day tied to spyware firm

/in


A spyware campaign driven by “mercenary” hackers exploited a zero-day vulnerability in Android devices, reported Amnesty International’s Security Labs.

In its report, released Wednesday, security researchers said they notified Google of the spyware campaign in December, which sparked software updates that prevented the hack from being executed on the “billions of Android, Chrome and Linux users” vulnerable to the zero-day flaw.

The human rights organization did not name the spyware company while it continues to investigate and track its activities. However, Amnesty International said “the attack showed all the hallmarks of an advanced spyware campaign developed by a commercial cyber-surveillance company and sold to governments hackers to carry out targeted spyware attacks.”

Also on Wednesday, Google’s Threat Analysis Group (TAG) detailed the zero-day reported by Amnesty International, as well as a zero-day in iOS devices used in a separate spyware campaign.

The reports of the spyware campaigns that governments are using against dissidents, journalists, human rights workers and political opposition members come the same week that U.S. President Joe Biden issued a ban on federal agencies from using commercial spyware except in certain cases, such as research.

Amnesty International shared its technical findings with Google TAG and other vendors, including Samsung, which released security updates for devices affected by the exploit.

“Unscrupulous spyware companies pose a real danger to the privacy and security of everyone. We urge people to ensure they have the latest security updates on their devices,” said Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab, in a press release. He also called for a global moratorium on the sale, transfer and use of spyware until safeguards are in place for human rights.

Google captured the zero-day exploit chain used to hack Android devices in December. The campaign has been active since at least 2020, according to Amnesty International, and targeted mobile and desktop devices, including Google’s Android OS. The spyware and exploits came from a network of over 1,000 malicious domains, which included spoofed media sites…

Source…