Expand To Show Full Article
DevilsTongue malware used Browser and Windows exploits

TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

DevilsTongue malware used Browser and Windows exploits to infect computers

According to Microsoft, an Israeli company Candiru was responsible for spreading DevilsTongue malware that compromised the security of PCs running the Windows operating system. The Redmond-based company has cracked down on SOURGUM, a private-sector offensive actor (PSOA), which according to the company, exploited two Windows 0-day vulnerabilities – CVE-2021-31979 and CVE-2021-33771. Both the vulnerabilities have already been patched.

Malware

DevilsTongue malware used Browser and Windows exploits

Private-sector offensive actors manufacture and sell cyberweapons to government agencies around the world.

“We take these threats seriously and have moved swiftly alongside our partners to build in the latest protections for our customers,” Microsoft said.

Microsoft acted on the tip by Citizen Lab, which then helped the software giant crackdown on SOURGUM. Microsoft and Citizen Lab have neutralized the DevilsTongue malware threat, which affected more than 100 victims worldwide. Some of the prominent victims of this coordinated malware attack include politicians, human rights activists, journalists, and academics, embassy workers, and political dissidents. Microsoft jas issued a software update to protect Windows customers from the underlying 0-day exploits.

Per media reports, private-sector offensive actors often sell Windows exploits and malware to government agencies in Uzbekistan, United Arab Emirates, and Saudi Arabia.

“Approximately half of the victims were found in Palestinian Authority, with most of the remaining victims located in Israel, Iran, Lebanon, Yemen, Spain (Catalonia), United Kingdom, Turkey, Armenia, and Singapore,” Microsoft added.

However, it doesn’t necessarily mean that government agencies in countries where victims were found are SOURGUM customers, Microsoft has clarified. SOURGUM likely uses a chain of browser and Windows exploits to install malware on Windows machines, courtesy of a link shared over applications like WhatsApp. Both the CVE-2021-31979 and CVE-2021-33771 vulnerabilities could allow an attacker to elevate SYSTEM privileges.

DevilsTongue malware uses cookies to collect information, read the victim’s messages, and retrieve photos. It could also send malicious links to other people on behalf of victims. Windows users who have installed the July 2021 security update are protected from two Windows 0-day exploits for vulnerabilities: CVE-2021-31979 and CVE-2021-33771.

139 Shares

Date: Tags:

[email protected]

Tanmay loves writing about Technology, Internet, Apps, Social Media, and Cybersecurity. He also tracks OTT video content streaming space and likes to spend his weekends watching plays. You can contact him on Twitter @techtsp.

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap