Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain


In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.

In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.

Read more…
Source: Kaspersky


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Analyzing a Facebook Profile Stealer Written in Node.js

    September 5, 2023

    During previous analysis of a campaign involving a Facebook stealer, Trend Micro researchers discovered another interesting stealer. It was written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a command-and-control (C&C) server, and employed GraphQL as a channel for C&C communication. This blog entry investigates this new stealer ...

  • New Agent Tesla Variant Being Spread by Crafted Excel Document

    September 5, 2023

    FortiGuard Labs captured a phishing campaign that spreads a new Agent Tesla variant. This well-known malware family uses a .Net-based Remote Access Trojan (RAT) and data stealer to gain initial access. It is often used for Malware-as-a-Service (MaaS). FortiGuard Labs researcher Xiaopeng Zhang performed an in-depth analysis of this campaign, from the initial phishing email to ...

  • CISA Releases Two Industrial Control Systems Advisories

    September 5, 2023

    CISA released two Industrial Control Systems (ICS) advisories on September 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-248-01 Fujitsu Limited Real-time Video Transmission Gear IP series Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • South Africa: Unprecedented cyber attacks target government entities

    September 5, 2023

    The incidence of spyware attacks has shown a significant surge of over 20% within South Africa with regard to 2023. The majority of these reported attacks have been concentrated on governmental websites and systems, thereby potentially engendering substantial instability to the national security framework of South Africa. The foundational principle of national security mandates that a ...

  • UK: Electoral Commission failed basic security test before hack

    September 5, 2023

    The Electoral Commission has confirmed it failed a basic cyber-security test around the same time hackers gained entry to the organisation. A whistleblower told the BBC that the Commission was given an automatic fail during a Cyber Essentials audit. Last month the Commission revealed that “hostile actors” accessed its emails and potentially the data of 40 ...

  • German Banking Regulator BaFin’s Website Hit by Cyber Attack

    September 4, 2023

    German banking regulator BaFin said its website has only been partially accessible since Friday after a so-called distributed denial of service attack. BaFin took security and defensive measures after the attack which also restrict access to the website, according to a spokeswoman. All of BaFin’s other systems are working without disruption, she said. Read more… Source: Yahoo! News