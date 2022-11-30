



A Barcelona-based company that calls itself a custom security solutions provider has exploited several zero-day vulnerabilities in Windows and in the Chrome and Firefox browsers to launch spyware, security researchers at Google said.

In a study shared with TechCrunch ahead of its publication on Wednesday, Google’s Threat Analysis Group (TAG) said that Variston IT, which claims to offer customized cybersecurity solutions, is associated with an exploit framework that can install spyware onto targeted devices.

Our team is made up of the industry’s most experienced professionals. We are a young but fast growing company.

Researchers at Google became aware of the so-called Heliconia exploit framework after it was anonymously posted to the Chrome bug reporting program. After analyzing the framework, Google researchers found source code clues that suggested Variston IT was likely the developer.

Heliconia consists of three separate exploit frameworks. One contains an exploit for a Chrome renderer bug that allows it to escape the app's sandbox and run malware on the operating system. Another deploys malicious PDF documents containing exploits for Windows Defender, the default antivirus engine in modern versions of Windows. The third contains a set of Firefox exploits for Windows and Linux machines.

Google states that the Heliconia exploit works against Firefox versions 64 to 68, suggesting that the exploit was in use in December 2018 when Firefox 64 was first released.

Google has not confirmed that the bug has been actively exploited in the wild, but said the bug was likely available as a zero day, so named because companies have no time to roll out a fix, and was later exploited as an n-day bug, meaning a bug exploited after a patch is available. Google, Microsoft and Mozilla fixed the bug in early 2021 and 2022.

Ralf Wegner, director of IT at Variston, told TechCrunch in an email that the company wasn’t aware of Google’s research and couldn’t verify its findings, but said he would be surprised if such an item was found in the wild.

Google said in a blog post that commercial spyware like the Heliconia framework includes features once available only to governments. These capabilities include covertly recording audio, making or redirecting phone calls, and stealing data such as text messages, call logs, contacts, and detailed GPS location data from the targeted device.

“The growth of the spyware industry puts users at risk and makes the Internet less secure. Surveillance techniques may be legal under national or international law, but they are often used in detrimental ways to conduct digital espionage against various groups. This represents a serious risk to your online safety. As such, Google and TAG will continue to take action against the commercial spyware industry and publish our findings.”

Google’s investigation comes months after it linked a previously unknown Android mobile spyware, called Hermit, to Italian software company RCS Lab.

