Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
Key Takeaways:
- A Chrome zero-day vulnerability (CVE-2025-2783) has been exploited to deploy the LeetAgent spyware.
- LeetAgent, developed by Memento Labs, can perform keylogging, screen recording, and data exfiltration.
- The Shadow Escape exploit targets AI platforms, potentially exposing sensitive data through AI assistants.
- MuddyWater’s Phoenix backdoor campaign targets government entities, highlighting ongoing APT threats.
- The TEE.Fail attack demonstrates vulnerabilities in trusted execution environments (TEEs) of modern CPUs.
Table of Contents:
- Understanding the Chrome Zero-Day Exploit and LeetAgent Spyware
- The Technical Details
- LeetAgent Spyware: Capabilities and Functionality
- Impact and Affected Users
- Zero-Click Exploit Targets MCP and Linked AI Agents
- How Shadow Escape Works
- MuddyWater’s Phoenix Backdoor Targets Government Organizations
- The MuddyWater Campaign
- TEE.Fail Attack Breaks Confidential Computing
- TEE.Fail: How It Works
- New Android Trojan ‘Herodotus’ Outsmarts Anti-Fraud Systems
- Herodotus: Mimicking Human Behavior
- Practical Takeaways and Actionable Advice
- PurpleOps and These Emerging Threats
- Telegram Threat Monitoring
- FAQ
A recently discovered Chrome zero-day vulnerability, CVE-2025-2783, has been exploited to deploy the LeetAgent spyware developed by the Italian company Memento Labs. This highlights the ongoing risks associated with browser vulnerabilities and the importance of proactive cyber threat intelligence.
Understanding the Chrome Zero-Day Exploit and LeetAgent Spyware
The exploitation of CVE-2025-2783 to deliver Memento Labs’ LeetAgent spyware is a critical issue that demands immediate attention from cybersecurity professionals. The exploit enables attackers to install a sophisticated surveillance tool on targeted systems, underscoring the need for advanced breach detection mechanisms.
The Technical Details
Kaspersky researchers uncovered the exploitation of CVE-2025-2783, a high-severity vulnerability in Google Chrome. The vulnerability allowed attackers to execute arbitrary code, leading to the deployment of LeetAgent. While specific technical details of the zero-day are limited, its successful exploitation underscores the importance of staying updated with the latest security patches.
LeetAgent Spyware: Capabilities and Functionality
LeetAgent is a spyware tool developed by Memento Labs, an Italian company known for creating surveillance software. Once installed, LeetAgent is capable of:
- Keylogging: Recording keystrokes to capture sensitive information like passwords and credentials.
- Screen Recording: Capturing screenshots and video recordings of user activity.
- Data Exfiltration: Stealing files, browser history, cookies, and other sensitive data.
- Microphone Access: Recording audio from the device’s microphone.
- Webcam Access: Capturing images and video from the device’s webcam.
The spyware operates stealthily, making it difficult for users to detect its presence. The use of a Chrome zero-day significantly increases the likelihood of successful deployment, as it allows attackers to bypass standard security measures.
Impact and Affected Users
The impact of this Chrome zero-day is potentially widespread, affecting any user who has not updated their Chrome browser to the latest version. Specific targets are currently unknown, but sophisticated spyware like LeetAgent is often used in targeted attacks against individuals of interest, such as journalists, activists, politicians, and business leaders. This highlights the need for comprehensive supply-chain risk monitoring.
Zero-Click Exploit Targets MCP and Linked AI Agents
In a related development, Operant AI’s security research team has identified a zero-click exploit called Shadow Escape that targets Model Context Protocol (MCP) and linked AI agents. This attack can steal sensitive data through AI assistants without requiring any user interaction.
How Shadow Escape Works
The Shadow Escape attack exploits AI platforms like ChatGPT, Claude, and Gemini, which rely on MCP connections to access organizational systems. An employee might upload a seemingly harmless PDF instruction manual to their AI assistant. The AI assistant, with legitimate access to various systems (CRM, Google Drive, SharePoint, internal databases), begins to access and connect multiple databases, potentially revealing sensitive data such as Social Security numbers, credit card information, and medical records. Malicious instructions embedded in the PDF then activate, causing the AI to upload session logs containing all the sensitive records to an external malicious endpoint, masked as routine performance tracking.
This attack leverages standard MCP configurations and default permissioning, leading to potentially massive data exposure across healthcare, financial services, and critical infrastructure sectors.
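One defensive control for the scenario above is to gate every egress-capable MCP tool call before it executes: deny uploads to hosts outside an allowlist, and scan the outbound body for the record types named in the attack (Social Security and card numbers). This is an added illustration, not Operant AI's or any MCP implementation's code; the tool name `http_post`, the allowlisted hosts, and the sample calls are all constructed assumptions.

```python
from __future__ import annotations
import re
from urllib.parse import urlparse

# Constructed allowlist: the only hosts the hypothetical "http_post" tool may reach.
ALLOWED_HOSTS = {"crm.example.internal", "drive.google.com"}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13-16 digits, optionally separated by spaces or dashes; validated with Luhn below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum, used to cut false positives from CARD_RE."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(payload: str) -> list[str]:
    """Return labelled matches for SSN-like and Luhn-valid card-like values."""
    hits = [f"ssn:{m}" for m in SSN_RE.findall(payload)]
    hits += [f"card:{m}" for m in CARD_RE.findall(payload) if luhn_ok(m)]
    return hits


def check_tool_call(tool: str, args: dict) -> tuple[bool, str]:
    """Policy gate for a proposed MCP tool invocation: (allowed, reason)."""
    if tool != "http_post":
        return True, "not an egress tool"
    host = urlparse(str(args.get("url", ""))).hostname or ""
    if host not in ALLOWED_HOSTS:
        # The Shadow Escape exfiltration step fails here regardless of the prompt.
        return False, f"egress to non-allowlisted host {host!r}"
    hits = find_sensitive(str(args.get("body", "")))
    if hits:
        return False, f"body contains {len(hits)} sensitive value(s): {hits[:3]}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed call resembling the "routine performance tracking" upload.
    print(check_tool_call("http_post", {"url": "https://metrics.attacker.example/upload",
                                        "body": "session log: SSN 123-45-6789"}))
```

The gate runs on the agent host, not inside the model, so a document carrying injected instructions cannot talk it out of the decision.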
MuddyWater’s Phoenix Backdoor Targets Government Organizations
Further highlighting the escalating threat landscape, the Advanced Persistent Threat (APT) group MuddyWater has been linked to a phishing campaign targeting over 100 government entities. This campaign distributes the Phoenix backdoor malware, designed to exfiltrate sensitive intelligence from high-value government targets.
The MuddyWater Campaign
The MuddyWater campaign involves sending malicious emails from compromised accounts, using NordVPN exit nodes to mask their location. These emails contain Microsoft Word attachments with blurred content, tricking recipients into enabling macros. Once activated, the macros initiate a multi-stage infection chain, deploying the Phoenix backdoor.
The Phoenix backdoor copies itself to a legitimate-looking directory and establishes persistence by modifying the Windows registry. It gathers system information and beacons to the attacker’s command-and-control infrastructure for remote commands, including file upload/download, shell execution, and remote monitoring.
This campaign demonstrates MuddyWater’s evolving tactics and their persistent focus on governmental targets, underscoring the need for continuous threat monitoring and robust incident response plans.
TEE.Fail Attack Breaks Confidential Computing
Academic researchers have developed a side-channel attack called TEE.Fail, which targets the trusted execution environment (TEE) in CPUs from Intel, AMD, and NVIDIA. This attack allows the extraction of secrets from the highly secure areas of a system, such as Intel’s SGX and TDX, and AMD’s SEV-SNP.
TEE.Fail: How It Works
TEE.Fail is a memory-bus interposition attack on DDR5 systems, achievable with less than $1,000 of equipment. Trusted Execution Environments (TEEs) ensure the confidentiality and integrity of sensitive data, like cryptographic keys. Researchers discovered that modern TEE implementations, which have moved to server-grade hardware using DDR5 memory, have architectural trade-offs that make them vulnerable.
The attack requires physical access and root-level privileges for kernel driver modification. By reducing the system’s memory clock and attaching an RDIMM riser with a custom probe, attackers can record DDR5 command/address and data bursts. This allows them to capture ciphertexts and, through techniques like forcing data into a single memory channel and exploiting the Memory Address Translation component, recover private signing keys.
The implications of TEE.Fail include the ability to forge TDX attestations, fake Intel and NVIDIA attestations, and extract ECDH private keys, leading to breaches of confidentiality.
New Android Trojan ‘Herodotus’ Outsmarts Anti-Fraud Systems
A new Android trojan, dubbed ‘Herodotus’, mimics human behavior to bypass biometric security and steal banking data. This sophisticated malware highlights the increasing complexity of mobile threats and the need for advanced detection and prevention mechanisms.
Herodotus: Mimicking Human Behavior
Herodotus operates by simulating human typing patterns, making it difficult for anti-fraud systems to differentiate between legitimate user input and malicious activity. This allows the trojan to bypass biometric and behavioral analysis security measures commonly used by banking apps. Once inside a banking app, Herodotus can steal credentials, initiate fraudulent transactions, and exfiltrate sensitive information.
Practical Takeaways and Actionable Advice
- Keep Software Updated: Regularly update your Chrome browser and other software to patch known vulnerabilities.
- Implement Multi-Factor Authentication (MFA): Use MFA to add an extra layer of security to your accounts.
- Monitor AI Agent Permissions: Implement strict controls and monitoring for AI agents accessing sensitive data. Regularly audit and review permissions to minimize potential data exposure.
- Employee Training: Conduct regular training sessions to educate employees about phishing tactics and social engineering techniques.
- Cyber Threat Intelligence: Subscribe to cyber threat intelligence feeds to stay informed about emerging threats and vulnerabilities.
- Endpoint Detection and Response (EDR): Deploy EDR solutions to detect and respond to malicious activities on endpoints.
- Network Segmentation: Segment your network to limit the impact of potential breaches.
- Dark Web Monitoring Service: Implement a dark web monitoring service to detect compromised credentials and other sensitive information.
PurpleOps and These Emerging Threats
The threats discussed above highlight the need for comprehensive and proactive cybersecurity measures. PurpleOps provides a range of services and solutions designed to help organizations protect themselves against these and other emerging threats. Our expertise in cyber threat intelligence, breach detection, and dark web monitoring can help your organization identify and mitigate risks before they result in a costly breach.
Our cyber threat intelligence platform provides real-time ransomware intelligence, supply-chain risk monitoring, and PurpleOps Solutions, enabling you to stay ahead of potential threats. We also offer brand leak alerting and a live ransomware API to enhance your threat detection capabilities.
For organizations seeking a more proactive approach, our red team operations can simulate real-world attacks to identify vulnerabilities and improve your security posture.
Telegram Threat Monitoring
PurpleOps can monitor Telegram to identify potential threat actors and malicious activities.
To learn more about how PurpleOps can help protect your organization from these and other cybersecurity threats, visit PurpleOps Solutions or contact us for more information.
FAQ
Q: What is a zero-day exploit?
Q: What can I do to protect myself from the LeetAgent spyware?
Q: How can PurpleOps help protect my organization from these threats?