Despite all the efforts companies make to improve the security of their devices, there’s always someone working to find new vulnerabilities. This time, a group of advanced hackers managed to infect devices running iOS, Android, and Windows through compromised websites.
As reported by ArsTechnica, Attackers have been using malicious websites to gain access to sensitive parts of the operating system due to the found security breaches. Members of Project Zero, which is a team at Google that looks for security exploits on different platforms, said that these hackers found 11 zero-day vulnerabilities.
The attacks using such breaches started in February 2020 and went on until October 2020. Malicious code was injected into the webpage via an iframe that pointed to exploited servers. Researchers point out that one of the servers was focused on attacking iOS and Windows users, while the other responded to Android devices.
For those unfamiliar with the term, a zero-day exploit is basically a newly discovered vulnerability that the fix is still unknown to the developers. The report mentions that the hackers had advanced knowledge of what they were doing as they were able to bypass the security systems of “well-fortified OSes and apps that were fully patched.”
In October 2020, we discovered that the actor from the February 2020 campaign came back with the next iteration of their campaign: a couple dozen websites redirecting to an exploit server. Once our analysis began, we discovered links to a second exploit server on the same website. After initial fingerprinting (appearing to be based on the origin of the IP address and the user-agent), an iframe was injected into the website pointing to one of the two exploit servers.
In another example of how the hackers have experience with zero-day exploits, they were able to quickly reopen the breach after Google updated the Chrome engine with a fix. In other words, even if users were running the latest version of the app or operating system, they would still be susceptible to being infected when accessing a compromised website.
While keeping the software on your devices up to date is still important to avoid security issues, users must beware of opening websites or apps that they don’t highly trust. More details about this exploit can be found on the Project Zero blog.