Google’s Threat Analysis Group (TAG) revealed that hackers are targeting Samsung smart phone users in the UAE.
TAG tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has been tracking the activities of commercial spyware vendors to protect users.
The threat analysis group released its findings on 29 March and said that it has been tracking the spyware attack since December 2022.
“In December 2022, TAG discovered a complete exploit chain consisting of multiple 0-days and n-days targeting the latest version of Samsung Internet Browser. The exploits were delivered in one-time links sent via SMS to devices located in the United Arab Emirates (UAE),” Google’s report read.
According to TAG the spyware was developed by Spain-based commercial vendor, Variston. The spyware, written in C++, includes libraries for decrypting and capturing data from various chat and browser applications according to the report.
“The actor using the exploit chain to target UAE users may be a customer or partner of Variston, or otherwise working closely with the spyware vendor,” it added.
