The spy campaign used five 0-day vulnerabilities in Chrome and Android


According to Google, during 2021, one espionage campaign used at least 5 zero-day vulnerabilities: 4 in the Chrome browser and 1 in the Android OS.

The Threat Analysis Group (TAG) team of information security specialists reported that the spyware was developed by Cytrox, a group from Northern Macedonia. All that is known about Cytrox is that in June 2021 the group used its Predator malware to attack Egyptian politician Ayman Nur and a journalist who wished to remain anonymous.

According to TAG, Cytrox exploited 4 Chrome zero-day vulnerabilities (CVE-2021-37973, CVE-2021-37976, CVE-2021-38000 and CVE-2021-38003) and 1 Android zero-day bug (CVE-2021-1048) in at least three campaigns that were allegedly conducted on behalf of various governments. Cytrox also took advantage of several known n-day vulnerabilities for which fixes were already available.

Apparently, the Cytrox group is not going to stop and will continue attacks. This is bad news for Google, Apple and Microsoft, which need to protect products used by hundreds of millions of people. TAG experts are concerned about the incredible progress of private companies that have reached the level of government organizations in the development of surveillance systems and spyware.

“Seven out of nine 0-day vulnerabilities in 2021 were discovered by private companies, after which information about them was sold directly to government agencies. TAG actively tracks more than 30 private companies selling exploits and spyware to government organizations,” the Google message says.
