An Israel-based company was exposed for employing malware that exploited a vulnerability in the Google Chrome web browser to access the personal data of countless journalists.
Cybersecurity researchers were able to link a zero-day vulnerability in Google’s search engine to a US-sanctioned Israeli spyware company that targets journalists throughout West Asia.
On 21 July, cybersecurity company Avast reported that the Israeli spyware company, Candiru, was behind the DevilsTongue malware that has targeted dozens of journalists in Lebanon, Turkey, Yemen, and Palestine.
The malware was injected through an exploit, a program designed to take advantage of a vulnerability, in this case the one identified as CVE-2022-2294.
A zero-day vulnerability is an undetected flaw in a product. It enables cybercriminals to breach a system and run programs that give them remote access with administrator privileges.
Using a ‘watering hole attack’ strategy, Candiru compromises existing sites, then resorts to phishing or other attacks to lure its victims.
In the case of Lebanon, hackers injected JavaScript snippets into mirrors of famous Lebanese news agency websites, allowing them to route the users towards a server that had the exploit and then to profile their devices.
This allowed Candiru “to collect information about the language, time zone, screen, device type, browser applications, device memory, functionality, and cookies,” according to Gridinsoft, an anti-malware software provider.
Analysts at Gridinsoft believe that the attack was directed at certain influential individuals to compromise their personal data, judging by the spyware’s ability to access the storage of the device.
The majority of similar spyware companies and startups in Israel are employed by the Israeli security establishment.
On several occasions, the companies were directed by the Israeli army to carry out attacks against Israel’s adversaries in Lebanon and Iran.
On 27 June, Israeli-based hackers identified as Gonjeshke Darande targeted three Iranian state-owned steel producers, critically disrupting their operations and damaging equipment worth tens of thousands of dollars.
It was later revealed that Gonjeshke Darande is a front for the Israeli Intelligence Corps known as Unit 8200, according to The Times of Israel.
Similarly, the New York Times reported in January that Benjamin Netanyahu encouraged the spyware company NSO to provide several Arab monarchies, including Saudi Arabia, with the Pegasus spyware.
The spyware was used against countless world presidents and targeted many journalists around the world, including the late Jamal Khashoggi.
“It is no accident that governments are using spyware to target activists and journalists. They seem to believe that by doing so, they can consolidate power, muzzle dissent, and protect their manipulation of facts,” said Beirut-based Human Rights Watch director Lama Fakih, herself a victim of Pegasus.