Threat Actor: Unknown
Victim: Android and iOS device users
Price: Not specified
Exfiltrated Data Type: Not specified
Additional Information:
- The threat actor claims to have an exploit for a serious security vulnerability on Android and iOS devices, allowing for remote code execution (RCE) and granting control over targeted devices.
- No proof of concept or evidence has been provided by the threat actor, raising doubts about the validity of the exploit.
- The exploit supports both 0-click and 1-click attack scenarios, with the ability to execute malicious code without user interaction.
- Common vectors such as SMS messages or image files can be exploited to gain access to devices.
- Once exploited, attackers gain complete control over compromised devices, enabling various malicious activities including data exfiltration and installation of additional malware.
- Compromised devices can be used to launch further attacks, posing a threat to individual users and network security.
- Zero-click attacks are particularly dangerous as they do not require user interaction and exploit vulnerabilities in the target device.
A threat actor is allegedly selling an exploit for a serious security vulnerability on Android and iOS devices, posing a serious threat to user privacy and security. This exploit enables Remote Code Execution (RCE), granting attackers control over targeted devices. The threat actor hasn’t provided any proof of concept or evidence regarding the Zero-click exploit they’re selling, leading to doubts about the validity of the sale.
The exploit presents a versatile attack vector, supporting both 0-click and 1-click attack scenarios. In the 0-click scenario, malicious code can execute without any user interaction, potentially triggered by innocuous actions such as receiving a message or viewing an image. Even when user interaction is necessary in the 1-click scenario, the exploit retains its effectiveness by exploiting common vectors such as SMS messages or image files to gain access to devices.
Allegedly, once exploited, attackers gain complete control over the compromised device. This level of access enables a range of malicious activities, from data exfiltration to the installation of additional malware. Furthermore, attackers could leverage compromised devices to launch further attacks, posing a significant threat to both individual users and broader network security.
Zero-click attacks are a dangerous tactic: they do not require user interaction, and they exploit vulnerabilities in the target device to allow attackers to gain remote control.
Original Source: https://dailydarkweb.net/threat-actor-allegedly-selling-zero-click-rce-exploit-targeting-ios-and-andoid-devices/