Article 5CSS0 Hackers used 4 zero-days to infect Windows and Android devices

Hackers used 4 zero-days to infect Windows and Android devices

by
Dan Goodin
from Ars Technica - All content on (#5CSS0)
privacy-800x450.jpg

Enlarge (credit: Getty Images)

Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices.

Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malware on visitors' devices. The boobytrapped sites made use of two exploit servers, one for Windows users and the other for users of Android.

Not your average hackers

The use of zero-days and complex infrastructure isn't in itself a sign of sophistication, but it does show above-average skill by a professional team of hackers. Combined with the robustness of the attack code-which chained together multiple exploits in an efficient manner-the campaign demonstrates it was carried out by a highly sophisticated actor."

Read 7 remaining paragraphs | Comments

index?i=aMyW-8TYbgo:QjbUUaAaoA0:V_sGLiPB index?i=aMyW-8TYbgo:QjbUUaAaoA0:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments