Experts at Google say the tools used by Variston are being used by hackers in the United Arab Emirates to spy on targets. With this information, law enforcement may be able to track and arrest those responsible for these attacks.
For years, exploit kits like Black Hat and National Security Agency’s STRIDE toolkit have been targeting users in countries with weak digital security measures. However, the new attack demonstrated how sophisticated hackers can be when they tail an unsuspecting user across multiple devices. The malicious links, disguised as legitimate text messages, were sent to targets in the UAE who used Samsung’s native Android browser. The hackers used a set of vulnerabilities chained together and delivered via one-time web links sent to the targets by text message. The first vulnerability was a zero-day that had not yet been reported to the software maker at the time of attack, meaning it was unknown to them. Once activated, this vulnerability allowed attackers to temporarily access log files, which contained personal information such as addresses and contact lists.
Both campaigns used identical landing pages that directed their victims to a malicious Android spyware suite designed to capture data from chat and browser apps.
Given that Variston is the actor behind the exploit chain used to target users in the UAE, it’s likely that the attackers are either a customer or partner of Variston. This suggests that Variston may be working closely with a spyware vendor, potentially meaning they’re selling spyware to Arabian governments.
Based on the information provided, it is possible that the hacking campaign involved redirecting users to malicious websites in order to exploit them. It’s unclear who is behind this hacking campaign or who the intended targets are.
Samsung’s lack of response to a request for comment could mean that they are planning to release their own streaming device. This would be interesting, considering how well Amazon has done with the Fire TV Stick and Roku Streaming Stick. It
Variston is just one of the many innovative companies working on new ways to track and monitor the movements of individuals. It’s likely that its products are used by government agencies and corporations around the world, but we won’t know for sure until more information becomes available.
Google’s announcement on Wednesday that it has discovered hackers exploiting an iOS zero-day bug to install spyware on devices has raised alarm bells among security experts. The vulnerability was patched in November, but as the new exploit chain targets iPhone owners running iOS 15.1 and older located in Italy, Malaysia and Kazakhstan, it could still be exploited by malicious actors.
As reported by Google TAG researchers, a vulnerability in the WebKit browser engine was exploited by attackers, resulting in the exposure of users’ login credentials. Though patched in December, the flaw has continued to be actively exploited and could result in an increased level of cyber risk for individuals using Safari or other apps that rely on the WebKit browser engine.
Cytrox’s exploitation of this vulnerability suggests that the North Macedonian spyware developer has access to sophisticated iOS hacking techniques and tools not available to the average hacker.
Security researchers at Google have indicated that Android devices running on ARM processors are particularly vulnerable to attack. Android OS releases dating back to February of this year have been identified as being particularly at risk, due to the presence of three separate bugs that hackers can exploit with relative ease. Samsung, Xiaomi, Oppo, and Google themselves were all found to be lacking in their willingness or ability to patch these vulnerabilities quickly enough, which allowed hackers free rein to exploit the holes for several months prior. Given the billions of Android devices out in the world – including those used by individuals and businesses alike – it is crucial that companies take swift action in patching any potential security risks they may pose.
It is clear that the commercial spyware industry continues to thrive, and even smaller surveillance vendors have access to 0-days. This poses a severe risk to the Internet and citizens who rely on it for their online safety. It is important that these companies are held accountable for their actions, so that information security threats like this do not continue to thrive.
As third-party surveillance products proliferate and share exploits, it’s important to be aware of the dangers that this poses. By sharing tools and tactics, surveillance vendors can help make vulnerable computer systems universally accessible to malware authors, which could lead to widespread infections. As a result, it’s important that computer users take steps to protect themselves by installing common security measures and avoiding using undocumented or untested software.