-Tracked as CVE-2022-0609, the vulnerability represents a use-after-free flaw in the browser’s Animation component, which was patched by Google on February 14th, 2022 as part of updates (version 98.0.4758.102).
The details in the report reveal that the campaigns targeted US-based organizations in the news media, IT and cryptocurrency, and fintech industries. One set of activities shared direct infrastructure overlaps with attacks on security researchers from the last year.
The exploit kit targeting the flaw was first used on January 4, 2022, according to Google TAG researcher Adam Weidemann. According to the report, it is dubbed that these groups are all part of the same organization, but each has a different mission and uses different techniques to accomplish it.
In keeping with ‘Operation Dream Job,’ one campaign targeted over 250 people working for ten different news organisations, domain registrars, web hosting providers, and software vendors.
The targets received emails purporting to be from recruiters at Disney, Google, and Oracle, containing bogus job opportunities.
The emails contained links to bogus job-search websites such as Indeed and ZipRecruiter.
“Victims who clicked on the links would be served a hidden iframe that would trigger the exploit kit,” said Google.
This will also affect anyone that has a crypto wallet tied to the browser!
Your Support of Independent Media Is Appreciated:
If you want to stream, Sign Up! https://dlive.tv/r/refer/streamer?name=dahboo7
UWN Facebook- https://www.facebook.com/DAHBOO7/