The protections on Android and Apple iOS devices as well as Google’s Chrome browser were breached by two “limited and highly targeted” spyware campaigns, according to Google’s Threat Analysis Group on Wednesday. These spyware campaigns exploited zero-day vulnerabilities as well as known but unpatched security flaws.
The company did not name the spyware vendors involved, but it did claim that one of the campaigns used links that took targets to a landing page that was the same as one that Google discovered in November 2022 as coming from the Spanish spyware company Variston IT. The analysts speculated that whomever was behind the most recent campaign may have been a partner or customer of Variston.