Communications of the ACM

Home/News/Hackers Used Four Zero-Days to Infect Windows, Android.../Full Text

ACM TechNews

Hackers Used Four Zero-Days to Infect Windows, Android Devices

By Ars Technica
January 21, 2021
Comments

View as: Print Mobile App Share:

The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by targets of interest and lace the sites with code that installs malware on visitors devices. — Google researchers uncovered a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices.

Credit: Getty Images

Investigators with Google's Project Zero exploit research team reported a hacking campaign that involved four zero-day exploits—one in Chrome and three in Windows—to install malware on Android and Windows devices.

The hackers waged watering-hole attacks, which compromise websites frequented by targets of interest and taint them with code that installs malware on visitors' devices.

A Project Zero researcher wrote, "These exploit chains are designed for efficiency and flexibility through their modularity," adding that the exploits were likely crafted by teams of experts.

The attackers enabled remote code execution via the Chrome zero-day and several recently patched Chrome vulnerabilities, with all the zero-days employed against Windows users.

No zero-days were used to hack Android devices, but the researchers believe the hackers had such zero-days in their arsenal; they hope their disclosure of the exploits will help the security community to more effectively counter such complex malware campaigns.

From Ars Technica
View Full Article

No entries found

Hackers Used Four Zero-Days to Infect Windows, Android Devices

In Memoriam: Niklaus Wirth

Leveraging Professional Ethics for Responsible AI

Tokenomy of Tomorrow: Envisioning an AI-Driven World