Google Chrome is generally thought of as a pretty safe browser to use, but that doesn’t make it an impenetrable fortress, and a Chrome exploit used to distribute malware is the latest proof of that. A zero-day is an exploit that, once discovered, is immediately used to attack an entity or other users. This gives the company that makes the software that contains the exploit zero days to prepare for its malicious use. Instead, they’re forced to work on patching the previously unknown vulnerability after the fact.

According to a report from Bleeping Computer, a zero-day was recently used to target a variety of entities by distributing malware. Reported targets include Russian media outlets, educational institutions, and financial institutions. The malware, known as ‘Dante,’ is said to be a piece of commercial spyware. It was also reportedly created by Memento Labs, an Italian company formerly known as Hacker Team.

The Chrome exploit that was distributing malware was discovered by Kaspersky

Dante was initially discovered back in March of this year, as malware used as part of an attack called Operation ForumTroll that targeted Russian organizations. However, it wasn’t until recently that Kaspersky shared more intricate details of the malware and its inner workings.

As noted by Kaspersky, the initial point of infection from this malware occurred when users clicked a link in a phishing email. Once at the malicious website, the victims were “verified” and then the exploit was executed.

According to reports, these phishing emails were sending out invites to Russian organizations to attend the Primakov Readings forum.

Kaspersky further details that the Dante software, as well as other tools used in Operation ForumTroll, were developed by Memento Labs, linking the company to these attacks in some form. It’s worth noting that this company isn’t 100% confirmed to be behind the attacks. As noted by Bleeping Computer, there is a possibility that someone else was behind the zero-day attack and distribution of the malware.

The post 'Dante' Malware reportedly targeted Chrome users through zero-day exploit appeared first on Android Headlines.