- Chrome zero-day exploit to attack Russian institutions using Dante spyware
- Dante, linked to Memento Labs, allows you to escape from the sandbox and steal files
- Commercial spyware is often sold to regimes that target dissidents and journalists.
According to experts, a high-severity vulnerability in Google Chrome was being abused as a zero-day, to attack Russian media outlets, government organizations, and educational and financial institutions.
Cybersecurity researchers at Kaspersky Lab said they used commercial malware called Dante as part of what they called Operation ForumTroll in March 2025.
During the investigation, the team observed that an 8.3/10 (high) “mishandling” vulnerability was being exploited in the Chrome browser, allowing remote attackers to perform a sandbox escape via a malicious file, stealing sensitive files from the underlying system.
Dante spyware
The malware used in this attack was later identified as Dante, a commercial spyware supposedly developed by a company called Memento Labs.
This company is the successor to Hacking Team, an Italian company that was acquired after suffering a cyberattack in 2015, when confidential files were leaked to the public revealing that Hacking Team was selling its tools to authoritarian regimes and various government institutions.
The company was acquired in 2019 by InTheCyberGroup, which used it as a base to establish Memento Labs, which in 2023 reportedly presented Dante spyware at the ISS World Middle East and Africa conference.
Commercial spyware companies aren’t exactly new, but they’re generally frowned upon.
Many advertise their services as help against terrorism, cyber espionage and various clandestine activities, but in reality many are selling their services to authoritarian regimes. These governments then use the malware to attack high-profile political opponents, dissidents, journalists, foreign diplomats, and similar individuals.
Perhaps the best example is the Israeli group NSO, which was blacklisted by the United States in 2021 for developing and supplying spyware that foreign governments used to “maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” which was considered contrary to the national security and foreign policy interests of the United States.
Through beepcomputer
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
The best antivirus for all budgets
