Google has published an extensive report about a sophisticated attack that targeted both Android (opens in new tab) and Windows devices.
The report is part of a series of blog posts dubbed “In-the-Wild” that are produced jointly by Google's zero-day bug-hunting team, Project Zero, together with the Google Threat Analysis Group (TAG).
The investigation found that devices lacking the latest security updates were once again easy prey to hackers.
- These are some of the best endpoint protection software (opens in new tab)
- We’ve also compiled a list of the best antivirus products (opens in new tab)
- Stay safe with these best ransomware protection tools (opens in new tab)
Complex and well-engineered
The first post (opens in new tab) shares extensive details about the attack that Google got wind of in early 2020.
The attacks were carried out using two exploit servers, each of whom used a different exploit chain to compromise potential targets, via what are known as watering hole attacks (opens in new tab). While one server targeted Windows users, the other focused on Android.
The post also reveals that both exploit servers used vulnerabilities in Google Chrome (opens in new tab) to compromise the victim’s browser, before deploying an OS-level exploit to gain more control over the device.
After analyzing the well-engineered and complex exploit chains that used innovative exploitation methods, for months, security researchers at the search engine believe that they are the work of a team of experts.
Given the nature of the attacks, Google believes the attackers had access to Android zero-day exploits, although they couldn’t find any of the exploit servers. In any case, the researchers report that both Google and Microsoft soon released patches to fix the vulnerabilities, once knowledge of the attack came to light.
"We hope that by sharing this information publicly, we are continuing to close the knowledge gap between private exploitation (what well resourced exploitation teams are doing in the real world) and what is publicly known,” conclude the researchers.
- Check out our list of the best VPN solutions (opens in new tab)
Via: ZDNet (opens in new tab)