Kaspersky: a tool related to espionage was distributed as a result of a zero-day exploit of a Google Chrome vulnerability. CVE-2025-2783 (CVSS score:
8.3) is the vulnerability in question.
Phishing emails with short-lived, personalized links inviting recipients to the Primakov Readings forum were part of the infection wave. An exploit that allowed the attackers to escape the program's boundaries and distribute tools created by Memento Labs was triggered simply by clicking the links using Google Chrome or a Chromium-based web browser. Because of the use of leetspeak, it has been discovered that the attacks opened the door for a previously unreported spyware known as LeetAgent.
The malware can establish an HTTPS connection to a command-and-control (C2) server. It has been determined that the malware utilized in the intrusions dates back to
2022.
Additionally, the threat actor is connected to a wider range of malicious cyber activity directed at Belarusian and Russian organizations and individuals. Paolo Lezzi, the CEO of Memento Labs, told TechCrunch that the Italian spyware vendor is the owner of the spyware found by Kaspersky. Mementso stated that it has fewer than 100 customers, but it is currently unknown which of them is in charge of the campaign.
The spyware has already asked its users to cease using the Windows malware, and it is currently only creating tools for mobile platforms. According to Memento Labs, a Windows version of their Dante spyware was utilized by one of their clients. The results once again show how instruments that are purportedly sold to law enforcement and intelligence services are misused for evil ends.
Additionally, they draw attention to the ongoing spread of surveillance technology. Following publication, the story was revised to include confirmation that a law enforcement or intelligence agency had utilized one of Memento's Windows versions of the spyware. Additionally, confirmation that the Windows version was used to spy on a police officer was added.
CNN.com has the complete story.