Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain


In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.

In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.

Read more…
Source: Kaspersky


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • FBI: Fictitious Law Firms Targeting Cryptocurrency Scam Victims Combine Multiple Exploitation Tactics While Offering to Recover Funds

    August 13, 2025

    This updated advisory provides additional red flag indicators and due diligence measures to help victims who have been in contact with fictitious law firms conducting this fraudulent activity. This scheme combines a number of exploitation tactics including targeting vulnerable populations, particularly the elderly; exploiting victims’ emotional state and financial need to recover funds from a previous ...

  • Pandora cyber attack highlights growing threat to ecommerce

    August 13, 2025

    The global jeweller, Pandora has recently fallen victim to a cyber attack — becoming the latest high-profile cyber incident. Last week, Pandora confirmed that it had been hit by a cyber attack, with customer data being breached as a result. However, the company claimed that no confidential information, such as passwords and credit card details, was ...

  • Fortinet Releases Security Advisory for Authentication Bypass Vulnerability

    August 12, 2025

    An authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiProxy & FortiPAM may allow an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager’s serial number. Read more… Source: Fortinet Sign up for the Cyber ...

  • Hackers breach and expose a major North Korean spying operation

    August 12, 2025

    Hackers claim to have compromised the computer of a North Korean government hacker and leaked its contents online, offering a rare window into a hacking operation by the notoriously secretive nation. The two hackers, who go by Saber and cyb0rg, published a report about the breach in the latest issue of Phrack magazine, a legendary cybersecurity ...

  • New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises

    August 12, 2025

    Trend Micro researchers recently identified a new ransomware family called Charon, deployed in a targeted attack observed in the Middle East’s public sector and aviation industry. The threat actor employed a DLL sideloading technique notably similar to tactics previously documented in the Earth Baxia campaigns, which have historically targeted government sectors. The attack chain leveraged a ...

  • WinRAR vulnerability exploited by two different groups

    August 12, 2025

    On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats. The vulnerability, tracked ...