Spyware vendors use 0-days and n-days against popular platforms

Google TAG uncovered a December 2022 multi-stage exploit chain delivered via one-time SMS links to UAE users that abused multiple 0-day and n-day vulnerabilities in Samsung Internet Browser (Chromium 102) and device components to install a full-featured C++ Android spyware suite; the report lists exploited CVEs (e.g., CVE-2022-4262, CVE-2022-3038, CVE-2022-22706, CVE-2023-0266), suggests ties to commercial spyware vendor Variston, and provides related IOCs and Android system/file indicators.