Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain


In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.

In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.

Read more…
Source: Kaspersky


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Scammer Black Friday offers: Online shopping threats and dark web sales

    November 19, 2024

    The e-commerce market continues to grow every year. According to FTI consulting, in Q1 2024, online retail comprised 57% of total sales in the US, and it is expected to increase by 9.8% over 2023 by the end of this year. In Europe, 72% of those aged 16–74 buy online, their share growing by the year. ...

  • FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications

    November 19, 2024

    In July 2024, the operational technology (OT)-centric malware FrostyGoop/BUSTLEBERM became publicly known, after attackers used it to disrupt critical infrastructure. The outage occurred after the Cyber Security Situation Center (CSSC), affiliated with the Security Service of Ukraine, disclosed details of an attack on a municipal energy company in Ukraine in early 2024. FrostyGoop is the ninth ...

  • Palo Alto Networks Releases Critical Security Advisory for PAN-OS

    November 18, 2024

    Palo Alto Networks has issued a critical severity security advisory for an authentication bypass vulnerability, known as CVE-2024-0012, affecting the PAN-OS management web interface. CVE-2024-0012 has a CVSSv4 score of 9.3 when access is allowed to the management interface from external IP addresses on the internet. However, if access is restricted to a jump box that ...

  • Space tech giant Maxar confirms hacker accessed employees’ personal data

    November 18, 2024

    U.S. space technology and satellite giant Maxar has confirmed a data breach involving the personal information of its employees, according to a filing with state regulators. The Colorado-headquartered Maxar operates imaging satellites and manufactures spacecraft, and claims to operate one of the largest commercial satellite constellations on orbit. Maxar has long been a significant provider of ...

  • QuickBooks popup scam still being delivered via Google ads

    November 18, 2024

    Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams. Malwarebytes Labs researchers seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires ...

  • Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices

    November 18, 2024

    There is a big incentive for both espionage motivated actors and financially motivated actors to set up proxy botnets. These can serve as an anonymization layer, which can provide plausibly geolocated IP addresses to scrape contents of websites, access stolen or compromised online assets, and launch cyber-attacks. Examples of proxy botnets set up by advanced persistent ...