BreachForums sells 0day ZeroClick vulnerability for Android for $5 million
- Thread starter Tomcat
- Start date
-
- Tags
- 0day android vulnerability
Tomcat
Professional
- Messages
- 2,688
- Reaction score
- 1,015
- Points
- 113
Did you receive a suspicious MMS message? Your phone has already been hacked
A new Zero-Click RCE exploit is up for sale for $5 million.
On June 16, an attacker under the pseudonym "Sp3ns3r" in his publication on the cybercrime site BreachForums announced the sale of a high-level Zero-day exploit for remote code execution (RCE).
In the ad, the attacker emphasizes the ease of attack, focusing on the Zero-Click nature of the exploit. This means that no user action is required to execute the code.
According to the hacker, the exploit supports Android OS versions 11, 12, 13 and 14, showing performance and efficiency on any Android devices. The potential scale of the disaster tends to the maximum.
The main method of distribution is MMS (Multimedia Messaging Service) messages. Moreover, the very fact of receiving such a message will already lead to infection of your device. The RCE nature of the exploit means that a remote attacker can execute any commands on the infected device after being compromised.
The exploit is up for sale for a record $5 million. Additionally, upon request, the hacker also provides a proof of concept (PoC) demonstrating the exploit's capabilities.
The previous recent record for the cost of an exploit put up for sale belonged to the RCE vulnerability in Microsoft Outlook, an exploit for which was put up on the same Breachforums for $ 1.7 million. Now this record is officially broken.
To protect your Android devices from the new Zero-Click attack, you can disable automatic MMS downloading in the message settings. In Google Messages, this is done as follows: Clicking on your avatar — Settings of the Messages app — your SIM card-Automatically download MMS (move the slider to the "Off" position).
The emergence of a new high-level Zero-Click exploit for Android demonstrates that cybercriminals are constantly looking for new ways to attack and monetize vulnerabilities. Users need to be vigilant, update their software in a timely manner, and follow cybersecurity guidelines to protect their devices and data.
A new Zero-Click RCE exploit is up for sale for $5 million.
On June 16, an attacker under the pseudonym "Sp3ns3r" in his publication on the cybercrime site BreachForums announced the sale of a high-level Zero-day exploit for remote code execution (RCE).
In the ad, the attacker emphasizes the ease of attack, focusing on the Zero-Click nature of the exploit. This means that no user action is required to execute the code.
According to the hacker, the exploit supports Android OS versions 11, 12, 13 and 14, showing performance and efficiency on any Android devices. The potential scale of the disaster tends to the maximum.
The main method of distribution is MMS (Multimedia Messaging Service) messages. Moreover, the very fact of receiving such a message will already lead to infection of your device. The RCE nature of the exploit means that a remote attacker can execute any commands on the infected device after being compromised.
The exploit is up for sale for a record $5 million. Additionally, upon request, the hacker also provides a proof of concept (PoC) demonstrating the exploit's capabilities.
The previous recent record for the cost of an exploit put up for sale belonged to the RCE vulnerability in Microsoft Outlook, an exploit for which was put up on the same Breachforums for $ 1.7 million. Now this record is officially broken.
To protect your Android devices from the new Zero-Click attack, you can disable automatic MMS downloading in the message settings. In Google Messages, this is done as follows: Clicking on your avatar — Settings of the Messages app — your SIM card-Automatically download MMS (move the slider to the "Off" position).
The emergence of a new high-level Zero-Click exploit for Android demonstrates that cybercriminals are constantly looking for new ways to attack and monetize vulnerabilities. Users need to be vigilant, update their software in a timely manner, and follow cybersecurity guidelines to protect their devices and data.
