Trend Micro researchers have disclosed details about a new watering hole attack targeting the Korean diaspora. The campaign involves the use of SLUB (for SLack and githUB) malware and two new backdoors dneSpy and agfSpy to exfiltrate system information and gain additional control of the compromised machine. The attack weaponizes an already patched Chrome vulnerability (CVE-2019-5782) that allows an attacker to execute arbitrary code inside a sandbox via a specially-crafted HTML page.
Source: https://thehackernews.com/2020/10/browser-exploit-backdoor.html