A new malware strain dubbed DevilsTongue has been found circulating on the web, and it is said to be targeting Microsoft Windows systems, iPhones, Macs, Android-based computing devices such as smart watches and televisions, and several cloud networks across the globe.
Microsoft Threat Intelligence Center (MTIC) and security firm Citizen Lab jointly investigated the malware's activity in the wild and discovered that it was targeting politicians, journalists, embassy workers, human rights activists, and sportspersons from Israel, Yemen, Iran, Lebanon, Turkey, Afghanistan, UK, Armenia and Singapore.
Researchers from MTIC have confirmed that the DevilsTongue malware was developed by the Israeli firm Candiru, which sells software to companies that support state-funded attacks.
Microsoft’s threat detection team states that Candiru operates similarly to NSO Group, which developed the Pegasus malware and recently launched a global spying campaign with it. The malware has succeeded by exploiting two Windows zero-day vulnerabilities, listed as CVE-2021-31979 and CVE-2021-33771. When exploited, the two vulnerabilities can give the attacker elevated privileges, evading the security controls enforced by browser sandboxes and reaching kernel code execution.
Microsoft says that the malware has the potential to steal cookies and passwords from the Chrome, Internet Explorer, Firefox, Safari and Opera browsers, and also has the potential to steal messages from messaging and chat-based apps.
Note: According to a security report released by Citizen Lab, Candiru is a company that was founded in 2014 and supports the motives of hackers by developing all the software necessary to keep their malicious operations alive. It has gained a lot of reputation and trust from clients based in Europe, Asia, Latin America, Persia and Soviet Union, and is reported to have devised over 180 espionage-related tools for some federal nations and for companies earning monetary benefits from the dark web.