In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- LofyLife: malicious npm packages steal Discord tokens and bank card data
July 28, 2022
On July 26, using the internal automated system for monitoring open-source repositories, Kaspersky researchers identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”. The Python malware is a modified version of an open-source token logger called Volt ...
- Vietnamese attacker circumvents Facebook security with ‘DUCKTAIL’ malware
July 27, 2022
Security vendor WithSecure, which was spun out in March 2022 as F-Secure’s enterprise security arm, claims it’s found malware that targets Facebook Business accounts. “The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware,” states WithSecure’s report on the campaign. “The malware is designed to steal browser ...
- Weak data protection helped China attack US Federal Reserve, report says
July 27, 2022
China’s cyber espionage activities are extensive and sophisticated but when the Middle Kingdom tried to steal sensitive economic data from the US Fed, poor security meant its operatives didn’t have to dip too far into their bags of tricks. Or at least that’s according to the findings of an investigation by the Senate’s Committee on Homeland ...
- Attackers Move Quickly to Exploit High-Profile Zero Days: Insights From the 2022 Unit 42 Incident Response Report
July 26, 2022
Software vulnerabilities remain a key avenue of initial access for attackers according to the 2022 Unit 42 Incident Response Report. While this underscores the need for organizations to operate with a well-defined patch management strategy, we’ve observed that attackers are increasingly quick to exploit high-profile zero-day vulnerabilities, further increasing the time pressure on organizations when ...
- LockBit ransomware gang claims it ransacked Italy’s tax agency
July 26, 2022
The LockBit ransomware crew is claiming to have stolen 78GB of data from Italy’s tax agency and is threatening to leak it if a ransom isn’t paid by July 31. The notorious gang put a notice on its dark-web site adding the agency – the Agenzia delle Entrate – to its growing list of victims. According ...
- Amadey malware pushed via software cracks in SmokeLoader campaign
July 24, 2022
A new version of the Amadey Bot malware is distributed through the SmokeLoader malware, using software cracks and keygen sites as lures. Amadey Bot is a malware strain discovered four years ago, capable of performing system reconnaissance, stealing information, and loading additional payloads. While its distribution has faded after 2020, Korean researchers at AhnLab report that a ...