On 30 November, Google's Threat Analysis Group (TAG) reported that Variston IT, a Barcelona-based company presenting itself as a provider of custom cybersecurity solutions, is in fact a spyware vendor that has been exploiting n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender.
In its detailed technical report, TAG explained that Variston IT has been using an exploitation framework called Heliconia to install spyware on targeted devices. Google's researchers learned of the framework through an anonymous submission to the Chrome bug reporting program.
Heliconia is actually three separate exploitation frameworks. The first exploits a bug in the Chrome renderer and then escapes the browser sandbox so that it can run malware on the underlying operating system.
The second deploys malicious PDF documents carrying an exploit for Windows Defender (the antivirus engine built into newer versions of Windows). The third compromises Windows and Linux machines using a set of Firefox exploits.
In its report, Google observed that the Heliconia Firefox exploit works against Firefox versions 64 to 68, which suggests it was created and in use as early as December 2018, when Firefox 64 was first released.
Google, Microsoft, and Mozilla fixed the vulnerabilities in 2021 and early 2022. TAG added that, although it had not detected active exploitation, the vulnerabilities were likely exploited before the fixes were available.
According to Google, commercial spyware vendors put advanced surveillance capabilities in the hands of governments, which then use them to spy on journalists, human rights activists, political opposition, and dissidents.
Therefore, more transparency is needed to ensure that such companies adhere to their stated ethical standards about whom they do business with and whom their products are used against.
Users are advised to keep Chrome and their other software up to date with security patches to ensure full protection against Heliconia.