An Israeli team has provided tools needed to use Microsoft Windows and Microsoft technology in hacking. This information provided by the research institute highlights the growing trade in the supply of tools in widely used software hacking.
A provider called Candiru secretly finds vulnerabilities in software platforms for its customers. The company has developed and sold a tool that can access Windows, according to Citizen Lab. In addition to this special tool, the company has developed more software products focused on intelligence activities, according to a Reuters report.
Technical analysis by security researchers has revealed how the tool has spread to countless unnamed buyers around the world and has been used to target various intellectual organizations. According to Citizen Lab and Microsoft, the victims include a Saudi dissident group and a left-wing media outlet in Indonesia.
Attempts to contact Candiru were unsuccessful, Reuters reported.
After analyzing the infected files collected by Microsoft, Citizen Lab found that the tool was specifically targeted at users in several countries. These include Iran, Lebanon, Spain and the United Kingdom.
"Candiru's growing presence and use of its technology in surveillance of global civil society proves that there are numerous hired companies involved in creating spyware and that there is a risk of widespread misuse," the report said.
Microsoft fixed the bug by releasing a software update on Tuesday. The software giant, without naming Candiru, said it had been abused by an Israeli privately-owned malicious group, codenamed "Savargam."
In a blog post, Microsoft said, “Savargam buyers are often from various government agencies around the world. The company usually sells cyber weapons that allow hacking into the targeted person or organization's computers, phones, network infrastructure and Internet-connected devices. ”
Google Chrome also builds candy tools to take advantage of errors in other conventional software, such as the browser.
In a blog post on Wednesday, Google also revealed two Chrome software bugs that Citizen Lab Candiru found to be related to. Google also described Candiru as a "commercial surveillance agency" without naming him. Google fixed the bug earlier this year.