Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide.
Zero-day vulnerabilities are security flaws the vendors of impacted software do not know about or for which there are no available fixes.
Google's TAG has been following the activities of 40 commercial spyware vendors to detect exploitation attempts, protect users of its products, and help safeguard the broader community by reporting key findings to the appropriate parties.
Based on this monitoring, Google has found that 35 of the 72 known in-the-wild zero-day exploits impacting its products over the last ten years can be attributed to spyware vendors.
Those spyware vendors use the zero-day flaws to target journalists, activists, and political figures as directed by their customers, including governments and private organizations.
Intellexa: Alliance of spyware firms led by Tal Dilian since 2019.
NSO Group: Israeli firm famous for Pegasus spyware and other sophisticated espionage tools.
Variston: Spanish CSV providing tailored security solutions.
It collaborates with other vendors for zero-day exploits and is linked to the Heliconia framework, expanding in the UAE. These vendors sell licenses to use their products for millions of dollars, allowing customers to infect Android or iOS devices using undocumented 1-click or zero-click exploits.
Some of the exploit chains utilize n-days, which are known flaws for which fixes are available, yet patching delays still make them exploitable for malicious purposes, often for extended periods.
Google says that CSVs have grown very aggressive in their hunt for zero-days, developing at least 33 exploits for unknown vulnerabilities between 2019 and 2023.
In the appendix of Google's detailed report, one can find a list of 74 zero-days used by 11 CSVs. Of those, the majority are zero-days impacting Google Chrome and Android, followed by Apple iOS and Windows.
When white-hat researchers discover and fix the exploited flaws, CSVs often incur significant operational and financial damage as they struggle to reconstruct a working alternative infection pathway.
This is not enough to stop the proliferation of spyware, as the demand for these tools is strong, and the contracts are too lucrative for CSVs to give up.
Google calls for more action to be taken against the spyware industry, including higher levels of collaboration among governments, the introduction of strict guidelines that govern the use of surveillance technology, and diplomatic efforts with countries hosting non-compliant vendors.
Google is proactively countering spyware threats through solutions like Safe Browsing, Gmail security, the Advanced Protection Program, and Google Play Protect, as well as by maintaining transparency and openly sharing threat information with the tech community.
GrapheneOS: Frequent Android auto-reboots block firmware exploits.
More Android apps riddled with malware spotted on Google Play.
Google Search bug shows blank page in Firefox for Android.
New Xamalicious Android malware installed 330k times on Google Play.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 06 Feb 2024 17:30:10 +0000