"Google TAG Shares Details about Exploit Chains Used to Install Commercial Spyware"
Google's Threat Analysis Group (TAG) released information regarding two different attack campaigns involving the exploitation of multiple zero-day flaws against Android, iOS, and Chrome. According to researchers, both campaigns were limited and highly targeted. The threat actors responsible for the attacks used both zero-day and n-day exploits. The exploit chains installed commercial spyware and malicious apps on targets' devices. In November 2022, researchers discovered the first campaign. The exploit chains found by TAG researchers affected Android and iOS, and were distributed to users via SMS-sent bit.ly links. The campaign targeted users in Italy, Malaysia, and Kazakhstan. Victims are initially sent to pages hosting exploits for either Android or iOS. Then they are redirected to legitimate websites such as the official website for BRT, an Italian shipping and logistics company, or a Malaysian news website. These campaigns demonstrate the continued success of the commercial spyware industry. TAG researchers find that even smaller surveillance vendors have access to zero-day vulnerabilities, and vendors who stockpile and use zero-day vulnerabilities secretly, pose a significant threat to the Internet. These campaigns also suggest that surveillance vendors are sharing exploits and methods, further increasing the proliferation of destructive hacking tools. This article continues to discuss the exploit chains discovered targeting Android, iOS, and Chrome to install commercial spyware.