Super hacker targeted Android and Windows users

In an update on Tuesday, Google said it had discovered two exploit servers that delivered various exploit chains in a waterhole attack. One of the servers targeted Windows users, while the other targeted Android, the company said. Google’s security team, which recently launched its own initiative to explore new ways to detect zero-day exploits in the wild, said in its blog post.
Both the Windows and Android servers used Chrome exploits for initial remote code execution. The exploit for Chrome on Windows contained a 0-day period, and the Chrome exploit was used by both the Linux and Windows servers, as well as the Android server.
Google said it hoped that by sharing this information publicly it would close the gap between private exploitation, which is a good resource for exploitation teams in the real world, and what the public knows. Google has not detected any vulnerabilities in Android, Windows, Linux or any other operating system.
Due to the actor’s sophistication, Google considers it likely that he or she had access to Android during the 0-day period. Waterhole attacks are those in which attackers observe websites frequently used by organizations or individuals and infect one or more with malware.
Overall, Google described the exploit chain as “well-thought-out and designed for efficiency and flexibility through its modularity.” The company said there was no evidence that the target had been targeted, nor any evidence of malicious intent by the attacker.