Attackers infect booby-trapped websites — who visited them.
Zero-Day Exploit:
A computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability.
Researchers from Google’s Project Zero exploit have detailed a hacking operation to install malware on Android and Windows devices in Chrome and Windows.
According to Arstechnica’s post, The hackers delivered the exploits through watering-hole attacks.
In addition, it compromises sites frequented by the targets of interest and laces the sites with code that installs malware on visitors’ devices.
“These exploit chains are designed for efficiency & flexibility through their modularity,” Google’s Project Zero exploit research team wrote.
The researcher further added,
- the modularity of the payloads,
- the interchangeable exploit chains
- and, the logging, targeting, and maturity of the operation also set the campaign apart.
On the other hand, the four zero-days exploited were:
- CVE-2020-6418 — Chrome Vulnerability in TurboFan (fixed February 2020)
- CVE-2020-0938 — Font Vulnerability on Windows (fixed April 2020)
- CVE-2020-1020 — Font Vulnerability on Windows (fixed April 2020)
- CVE-2020-1027 — Windows CSRSS Vulnerability (fixed April 2020)
By exploiting the Chrome zero-day and several recently patched Chrome vulnerabilities, attackers obtained remote code execution.
All of the zero-days were used against Windows users and no Android devices, but it’s likely the attackers had Android zero-days at their disposal, the Project Zero researchers said.
However, From the exploit servers, researchers have extracted:
- Renderer exploits for four bugs in Chrome, one of which was still a 0-day at the time of the discovery.
- Two sandbox escape exploits abusing three 0-day vulnerabilities in Windows.
- also, A “privilege escalation kit” composed of publicly known n-day exploits for older versions of Android.
“We hope this blog post series provides others with an in-depth look at exploitation from a real-world, mature, and presumably well-resourced actor,” Project Zero researchers wrote.
Moreover, Researchers of Project Zero recommended to read in the below order:
Follow Us on: Twitter, Instagram, Facebook to get latest security news!
Ive got to write about this for a class I am taking, well similar to this. This really made it easier for me , so thanks you A TON.Take care, Shawnta Edelstein
I usually don’t post in Blogs but your blog forced me to, amazing work.. beautiful
Thank you for this impressive report. I am refreshed following reading this. Thank you!
very interesting points you have noted , thankyou for posting .