This post is also available in: עברית (Hebrew)
Google has discovered a new commercial spyware that exploits vulnerabilities in Google Chrome, Mozilla Firefox, and Microsoft Defender. The Google Threat Analysis Group (TAG) have recently shared findings on an exploitation framework with likely ties to Variston IT, a company in Barcelona, Spain, that claims to be a provider of custom security solutions.
“Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools necessary to deploy a payload to a target device,” said the team. “While we have not detected active exploitation, it appears likely these were utilized as zero-days in the wild.”
TAG has created detections in Safe Browsing to warn users when they attempt to navigate to dangerous sites or download dangerous files. The following quote has been mentioned on their official site: “To ensure full protection against Heliconia and other exploits, it’s essential to keep Chrome and other software fully up-to-date.”
Business-standard.com writes that the TAG security team became aware of the Heliconia framework when Google received an anonymous submission to the Chrome bug reporting program. “The exploitation frameworks included mature source code capable of deploying exploits for Chrome, Windows Defender and Firefox. Although the vulnerabilities are now patched, we assess it is likely the exploits were used as 0-days before they were fixed,” said the Google researchers.
Earlier reports have shown proliferation of commercial surveillance and the extent to which commercial spyware vendors have developed capabilities that were previously only available to governments with deep pockets and technical expertise. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors. The Google teams earlier this year found strong evidence that enterprise-grade Android spyware called ‘Hermit’ is being used via SMS messages to target high-profile Android users.
Prepared to dive into the world of futuristic technology? Attend INNOTECH 2023, the international convention and exhibition for cyber, HLS and innovation at Expo, Tel Aviv, on March 29th-30th
Interested in sponsoring / a display booth at the 2023 INNOTECH exhibition? Click here for details!