Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain


In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.

In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.

Read more…
Source: Kaspersky


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • CoreWarrior Spreader Malware Surge

    October 11, 2024

    This week, the SonicWall Capture Labs threat research team investigated a sample of CoreWarrior malware. This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring. Infection Cycle The malware ...

  • Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA

    October 11, 2024

    Today FortiGuard Labs is releasing this blog post about a case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). At the time of the investigation, two out of the three identified vulnerabilities were not publicly known. This incident is a prime example of how threat actors chain zero-day ...

  • UNODC report exposes escalating threat of organized crime in the Pacific

    October 11, 2024

    The Pacific is increasingly becoming an important transshipment hub and an operational and destination point for organized crime syndicates, according to a new report launched today by the UN Office on Drugs and Crime (UNODC). Titled Transnational Organized Crime in the Pacific: Expansion, Challenges, and Impact, the report provides a detailed analysis of the rapidly evolving ...

  • Internet Archive data breach exposes more than 31 million user accounts

    October 11, 2024

    The Internet Archive, a popular digital library known for its Wayback Machine, was hacked and suffered a data breach that reportedly exposed 31 million user accounts. Founder Brewster Kahle confirmed in a post on the social media platform X that a cyberattack on Tuesday knocked the website offline. He also said that usernames, emails, and encrypted ...

  • Nokia Report Highlights Surge in Cyber Attacks on Telecom Infrastructure

    October 11, 2024

    The latest findings from Nokia’s Threat Intelligence Report reveal an alarming increase in cybercriminal activity targeting telecom infrastructure, largely fueled by advances in Generative AI and automation. This escalation has significant implications for network security and operational reliability within the telecommunications sector. The report indicates that the frequency of distributed denial of service (DDoS) attacks has ...

  • Digital arrests – the newest deepfake tool used by cybercriminals

    October 11, 2024

    An Indian textile baron has revealed that he was duped out of 70 million rupees ($833,000) by online scammers impersonating federal investigators and even the Supreme Court chief justice. The fraudsters posing as officers from India’s Central Bureau of Investigation (CBI) called SP Oswal, chairman and managing director of the textile manufacturer Vardhman, on August 28 ...