The malicious code injected into the compromised website, loading further JavaScript from stylishblockcom. This injected code was then responsible for routing the intended victims (and only the intended victims) to the exploit server, through several other attacker-controlled domains. We suppose that this is how the attackers tested the XSS vulnerability, before ultimately exploiting it for real by injecting a piece of code that loads malicious JavaScript from an attacker-controlled domain. Interestingly, the compromised website contained artifacts of persistent XSS attacks: some pages contained calls to the JavaScript function alert along with keywords like test. We can't say for sure what the attackers might have been after; however, the reason attackers go after journalists is often to spy on them and the stories they're working on directly, or to get to their sources and gather compromising information and sensitive data they shared with the press. In Lebanon, the attackers seem to have compromised a website used by employees of a news agency. There were multiple attack campaigns, each delivering the exploit to the victims in its own way. We believe the attacks were highly targeted. We've seen it return with an updated toolset in March 2022, targeting Avast users located in Lebanon, Turkey, Yemen, and Palestine via watering hole attacks using zero-day exploits for Google Chrome.
(A name the threat actors chose themselves, inspired by a horrifying parasitic fish of the same name.) After Candiru was exposed by Microsoft and CitizenLab in July 2021, it laid low for months, most likely taking its time to update its malware to evade existing detection. We reported this vulnerability to Google, who patched it on July 4, 2022. Based on the malware and TTPs used to carry out the attack, we can confidently attribute it to a secretive spyware vendor of many names, most commonly known as Candiru. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome's renderer process. Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties. We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East.