A series of cyberattacks against Avast antivirus users in the Middle East has allowed the company’s experts to discover a ‘zero-day vulnerability’ in the Google Chrome browser (named CVE-2022-2294). The Avast Threat Intelligence team reported this vulnerability to Google, which patched it on July 4, 2022.

Since Google has rushed to patch the vulnerability, To safeguard our equipment, it will suffice to keep our browser updated Chrome. Most other Chromium-based browsers have already released this update as well.

But in addition to the existence of vulnerability, at Avast they are sure they have identified who was exploiting this vulnerability now unknown.

Another case similar to the famous ‘Pegasus’

According to the company, the Avast Threat Intelligence team has been able to trace the origin of the attacks to spyware developed in Israeldiscovering that among the targets of these attacks were several journalists from Lebanon, as well as other users from Turkey, Yemen and Palestine.

Specifically, the members of said team attribute, based on the malware and the tactics used to carry out the cyberattack, to the spyware provider Candiru (based in Tel Aviv), known for selling spy software to government clients… and which Microsoft already surprised by monitoring Spanish users last year through its Sourgum software.

This attack allows first, obtain a profile of the victim’s web browserbased on the collection of fifty factors: the language of the victim, the time zone, the type of device, the plug-ins installed in the browser, the reference location, the memory of the device, the functionality of the cookies, etc. .

Once said information is in the hands of the attackers, and if it indicates that the target is what the attackers were looking foran exploit is sent via encrypted channel to take advantage of the zero-day vulnerability through software known as DevilsTongue.

Once it is executed on the victim’s computer, DevilsTongue, an advanced spywarewhich attempts to escalate its privileges to gain full access to the victim’s devicerecording via webcam and microphone, recording your keystrokes, filtering your messages, accessing browsing history, passwords or geolocation, etc.

Jan Vojtěšek, malware researcher at Avast, has stated that