Google warns billions of Android and iPhone owners about ‘global spy attack’ – you need to check the setting now

SMARTPHONE owners have been warned about two spyware campaigns that could leave their data vulnerable to hackers.

Google’s Threat Analysis Group said in a blog post Wednesday that two spyware campaigns targeted Android and Apple devices, as well as Chrome.

1

“In this blog, we share details about two different campaigns that we recently discovered that used different 0-day exploits against Android, iOS and Chrome,” the blog states.

Besides the 0-day exploits, hackers also exploited n-days and exploited the time gap between fix release.

Zero (0) days are vulnerabilities that have not yet been patched or fixed by software developers – meaning they are fully exploitable by hackers and cybercriminals.

They often stem from unknown issues and are particularly dangerous until programmers can fix the problem.

Once a solution patch is written and used, the exploit is no longer referred to as a zero-day exploit.

Unlike Zero Days, an N-Day exploit has a security patch available.

Google said its findings “underscore the extent to which commercial surveillance vendors have developed capabilities that historically have only been used by governments with the technical know-how to develop and operationalize exploits.”

The tech giant did not specify who the spyware vendors involved were.

The first campaign is called “CVE-2022-42856; CVE-2022-4135” and the second as “CVE-2022-4262; CVE-2023-0266”.

Campaign 1 was discovered in November 2022, utilizing Android and iOS devices deployed in Italy, Malaysia and Kazakhstan via the link shortening service Bitly.

Meanwhile, Campaign 2 was uncovered in December 2022 with one-off links targeting devices in the United Arab Emirates (UAE).

“To protect our users, Google has reported these vulnerabilities to vendors,” the tech giant said.

“We would be remiss if we didn’t acknowledge the quick response and patching of these vulnerabilities by Google’s Chrome, Pixel, and Android teams, as well as Apple,” they added.

“We would also like to acknowledge and thank the Amnesty Security Lab for their help in exposing the second campaign detailed in this blog,” the blog continued.

Google noted that they remain committed to keeping their community updated and protecting their users from spyware campaigns.

To protect yourself from vulnerabilities, it is recommended that you always keep your software up to date.

You can check for new software updates in your device’s Settings app.