Microsoft, Google, Citizen Lab Blow lid Off Zero-day Exploiting Spyware Sold to Governments

[upnorth]

Content source

https://www.theregister.com/2021/07/16/microsoft_candiru_malware/

On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum. It is understood the spyware, code-named DevilsTongue by Microsoft, exploited at least a pair of zero-day holes in Windows to infect particular targets' machines.

Redmond said at least 100 people – from politicians, human rights activists, and journalists, to academics, embassy workers and political dissidents – have had their systems infiltrated by Sourgum's code; about half are in Palestine, and the rest dotted around Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia, and Singapore.Once it has comprehensively compromised a Windows PC, DevilsTongue can exfiltrate the victim's files, obtain their login credentials for online and network accounts, snoop on chat messages, and more. Candiru also touts spyware that can infect and monitor iPhones, Android devices, and Macs, as well as Windows PCs, it is claimed. The products are said to be on sale to government agencies and other organizations, which then use the espionage software against their chosen targets.

"This case demonstrates, yet again, that in the absence of any international safeguards or strong government export controls, spyware vendors will sell to government clients who will routinely abuse their services." We're told that at least 764 domain names were found that were likely used in some way to push Candiru's malware to victims: websites using these domains typically masqueraded as legit sites belonging to Amnesty International and refugee organizations, the United Nations, government websites, news outlets, and Black Lives Matter communities.

Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments

100+ dissidents, politicians, journos targeted by Israeli espionage toolkit

www.theregister.com

 

[Andy Ful]

A similar Microsoft article in relation to the Defender protection:
https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/post-951150

Here are other interesting articles from Citizen Lab about the spyware and stalkerware application Industry:
https://citizenlab.ca/docs/stalkerware-holistic.pdf
https://citizenlab.ca/2019/06/the-dangerous-effects-of-unregulated-commercial-spyware/

A similar article about exploiting weaknesses in the global mobile phone systems to spy people:
https://citizenlab.ca/2020/12/runni...g-the-clients-of-cyberespionage-firm-circles/

These dangerous exploits and tools can be also reused by (cyber) criminal groups like in the case of NSA exploits.
Not a good scenario.