Breadcrumb
Israeli spyware Candiru exploited Google Chrome flaw to snoop on MENA journalists: report
from Israeli firm Candiru has been used to target ²¹³¦°ù´Ç²õ²õÌý, according to reports.
The Candiru spyware was reportedly used to take advantage of the Chrome zero-day vulnerabilityÌýin March of this year, to target journalists and other victims from Lebanon, Palestine, Turkey and Yemen,Ìýaccording to the Czech antivirus and cyber security company Avast.
Avast that it had "recently" detected use of Candiru and thus identified a flaw in the Google browser.
Avast communicated the flaw on 1 July to , who fixed it three days later.
Avast said the Chrome browser vulnerability was found to be linked to Candiru, which offers and cyberespionage technology to .
The attacker planted theÌýChrome zero-day exploitÌýon an unidentifiedÌý news agency website to collect 50 data points from the target’s browser, which includes time zone, language, and device type, among others.
Candiru is also said to be capable of illegally retrieving messages, phone logs and photographs from devices belonging to victims it seeks to target, according to hackread.
Avast researcherÌýJan Vojtěšek said it was "unclear" why the spyware was used to target journalists in the Middle East, but asserted that the Candiru’s objective was to spy and collect sensitive date from them.
Vojtěšek condemned use of the spyware for its "blatant violation" of press freedom and freedom of speech.
Candiru - which is also known as Saito Tech - is not the only to have been used to tap into unsuspecting victims' phones.
NSO Group has been embroiled in controversy since investigations by journalists and human rights groups found thatÌýseveral Ìý- including some Europe and the MENA region - were using itsÌýÌýto keep track of dissidents, activists and politicians, among others.
Avast said Candiru was usedÌýin a similar fashion, to target individuals including regime and government critics.
Like NSO Group, Candiru has also sanctioned by WashingtonÌýfor its "anti-US" activities, according to hackread.