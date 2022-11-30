



The commercial spyware industry is increasingly under fire for selling powerful surveillance tools to anyone who can pay, from governments to criminals around the world. Details of how spyware was used to target activists, opposition leaders, lawyers and journalists in multiple countries across the European Union have recently sparked scandals and calls for reform. Today, Google’s Threat Analysis Group announced steps to block one of the hacking tools that target desktop computers and are believed to have been developed by a Spanish company.

An exploit framework called Heliconia came to Google’s attention after a series of anonymous submissions to Chrome’s bug reporting program. The submissions pointed to exploitable vulnerabilities in Chrome, Windows Defender, and Firefox that could be used to deploy spyware to target devices, including Windows and Linux computers. They contained source code for the Heliconia hacking framework and named its exploit chains Heliconia Noise, Heliconia Soft, and Files. Google says the evidence points to Variston IT, a technology company based in Barcelona, as the developer of the framework.

The findings show that there are many small players within the spyware industry, but that they have powerful zero-day capabilities, TAG researchers told WIRED, adding that the framework targeted vulnerabilities that were unpatched at the time.

Variston IT did not respond to WIRED’s request for comment. The company’s director, Ralph Wegner, told TechCrunch that Variston wasn’t given a chance to review Google’s research and was unable to verify it. Google confirmed that the researchers did not contact Variston IT prior to publication, which it says is its standard practice for this type of research.

Google, Microsoft, and Mozilla patched the Heliconia vulnerabilities in 2021 and 2022, and Google says it is not currently detecting exploitation of the bugs. However, evidence from the bug submissions indicates that the framework was likely used to exploit the flaws in 2018 and 2019, long before the patches were applied. Heliconia Noise exploited a Chrome renderer vulnerability together with a sandbox escape, Heliconia Soft used malicious PDFs laced with a Windows Defender exploit, and Files deployed a set of Firefox exploits for Windows and Linux. TAG worked with Google’s Project Zero bug-hunting group and members of the Chrome V8 Security Team to investigate.

The fact that Google sees no evidence of exploitation at this time may mean that the Heliconia framework is currently dormant, but it could also simply reflect the evolving nature of hacking tools. There could be other exploits, new frameworks, exploits that never made it into the submissions, or additional layers protecting the exploits, the TAG researchers told WIRED.

Ultimately, the group says the purpose of this type of investigation is to shed light on the methods, technical capabilities and abuses of the commercial spyware industry. TAG has created a detection for Google’s Safe Browsing service that warns about Heliconia-related sites and files. Researchers stress the importance of keeping software up to date.

The growth of the spyware industry is putting users at risk and making the Internet less secure, TAG wrote in a blog post about its findings. And while surveillance technology may be legal under national or international law, it is often used in detrimental ways to conduct digital espionage against various groups.

