Israeli spyware Candiru exploited Google Chrome flaw to snoop on MENA journalists: report

Israeli spyware Candiru exploited Google Chrome flaw to snoop on MENA journalists: report
Spyware from Israeli firm Candiru has reportedly been used to exploit a Google Chrome flaw and target journalists across the Middle East
2 min read
25 July, 2022
Israeli spyware company Candiru, has reportedly been used to spy on journalists in the MENA region [Getty]

Spyware from Israeli firm Candiru has been used to target journalists across the Middle East, according to reports.

The Candiru spyware was reportedly used to take advantage of the Chrome zero-day vulnerability in March of this year, to target journalists and other victims from Lebanon, Palestine, Turkey and Yemen, according to the Czech antivirus and cyber security company Avast.

Avast said last week that it had "recently" detected use of Candiru and thus identified a flaw in the Google browser.

Avast communicated the flaw on 1 July to Google, who fixed it three days later.

Avast said the Chrome browser vulnerability was found to be linked to Candiru, which offers surveillance and cyberespionage technology to governmental clients.

The attacker planted the Chrome zero-day exploit on an unidentified Lebanese news agency website to collect 50 data points from the target’s browser, which includes time zone, language, and device type, among others.

Candiru is also said to be capable of illegally retrieving messages, phone logs and photographs from devices belonging to victims it seeks to target, according to hackread.

Live Story

Avast researcher Jan Vojtěšek said it was "unclear" why the spyware was used to target journalists in the Middle East, but asserted that the Candiru’s objective was to spy and collect sensitive date from them.

Vojtěšek condemned use of the spyware for its "blatant violation" of press freedom and freedom of speech.

Candiru - which is also known as Saito Tech - is not the only Israeli spyware provider to have been used to tap into unsuspecting victims' phones.

NSO Group has been embroiled in controversy since investigations by journalists and human rights groups found that several governments - including some Europe and the MENA region - were using its Pegasus spyware to keep track of dissidents, activists and politicians, among others.

Avast said Candiru was used in a similar fashion, to target individuals including regime and government critics.

Like NSO Group, Candiru has also sanctioned by Washington for its "anti-US" activities, according to hackread.