After establishing a rapport with the targeted researcher, the threat actors sent a malicious file that contained at least one zero-day in a widely used software package, which Google refrained from naming in the notification.
Once exploitation is successful, the shellcode performs a series of anti-virtual-machine checks and then sends the collected information and screenshots back to an attacker-controlled C2 domain.
The attack has a secondary infection vector
Aside from the zero-day exploits, the threat actors also plant a standalone Windows tool they developed to download debugging symbols and key program metadata from Microsoft, Google, Mozilla, and Citrix symbol servers.
“On the surface, this tool appears to be a useful utility for quickly and easily downloading symbol information from a number of different sources,” TAG said. “The source code for this tool was first published on GitHub on September 30, 2022, with several updates being released since.”
Symbol servers provide additional information about a binary that can be useful when debugging software issues or while conducting vulnerability research. The tool also has the ability to download and execute arbitrary code from an attacker-controlled domain, TAG added.
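A symbol-downloading utility has a legitimate reason to talk only to known symbol servers, so one practical check is to review its outbound connections against an allowlist and flag anything else. The following script is an added example and is not code from the TAG report or from the tool it describes; the process name `symdl.exe`, the proxy-log layout and the log lines are constructed, and the allowlisted hostnames are assumed values that should be replaced with the symbol servers your environment actually uses.

```python
"""Flag a symbol-downloader process that contacts hosts outside a symbol-server allowlist.

Added example for this article; not code from Google TAG or from the tool discussed.
"""
from urllib.parse import urlsplit

# Assumed allowlist of legitimate symbol-server hosts (adjust to your environment).
SYMBOL_SERVER_ALLOWLIST = {
    "msdl.microsoft.com",
    "chromium-browser-symsrv.commondatastorage.googleapis.com",
    "symbols.mozilla.org",
    "ctxsym.citrix.com",
}

# Constructed sample proxy log: "<timestamp> <process> <url>" per line.
# The third line is the kind of connection a symbol downloader has no business making.
SAMPLE_LOG = """\
2023-09-07T10:00:01Z symdl.exe https://msdl.microsoft.com/download/symbols/ntdll.pdb/ABCD1234/ntdll.pdb
2023-09-07T10:00:02Z symdl.exe https://symbols.mozilla.org/xul.pdb/5678EFGH/xul.pdb
2023-09-07T10:00:05Z symdl.exe https://update-cdn.example.invalid/payload.bin
2023-09-07T10:00:06Z chrome.exe https://www.example.com/
"""


def parse_line(line):
    """Split one log line into timestamp, process name and the host taken from the URL."""
    ts, proc, url = line.split(maxsplit=2)
    host = (urlsplit(url).hostname or "").lower()
    return {"ts": ts, "process": proc.lower(), "host": host, "url": url}


def find_suspect_connections(log_text, downloader_names=("symdl.exe",)):
    """Return records where a symbol-downloader process reached a non-allowlisted host.

    downloader_names: process names (hypothetical here) treated as symbol downloaders.
    """
    suspects = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["process"] in downloader_names and rec["host"] not in SYMBOL_SERVER_ALLOWLIST:
            suspects.append(rec)
    return suspects


if __name__ == "__main__":
    for rec in find_suspect_connections(SAMPLE_LOG):
        print(f"{rec['ts']} {rec['process']} -> unexpected host {rec['host']} ({rec['url']})")
```

Run stand-alone, the script reports the single connection to `update-cdn.example.invalid`; connections from other processes are ignored because the check is scoped to the downloader, which keeps the alert specific to the behaviour the article describes (a symbol tool fetching from a domain that is not a symbol server).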