DevilsTongue hits reporters on Chrome, Edge, and Safari

Avast researchers have discovered an exploit for a WebRTC vulnerability affecting Chrome that was used to conduct "watering hole" attacks, in which malware is loaded onto websites the targets visit in order to infect their users.

Google has already fixed the vulnerability after researchers privately reported it to the company. Microsoft and Apple did the same for their respective Edge and Safari browsers.

According to Avast, several attack campaigns have been conducted, using various types of exploits against Chrome users in Lebanon, Turkey, Yemen and Palestine. The "watering hole" sites infected a very select set of users, typically journalists and employees of a press agency.

The malware behind the attacks, dubbed DevilsTongue by Microsoft, is advanced and is allegedly sold by the Israeli company Candiru.

According to Avast's findings, the compromised sites were configured not only to infect just certain visitors, but also to prevent the exploited zero-day vulnerabilities from being discovered by competing researchers or hackers.

In any case, the vulnerability, tracked as CVE-2022-2294, was patched by Google and Microsoft in early July, while Apple fixed it only a few days ago, so Safari users need to make sure they are using the latest version of the browser.

It is unknown whether other hackers have exploited this WebRTC vulnerability to conduct their own attacks, although there are no signs that other groups are marketing exploits or using the flaw.