According to a recent blog post from Google, the company's security researchers have detected vulnerabilities in Chrome, Firefox, and Windows. The post details the steps that have been taken since the discovery of a commercial spyware operation with ties to Variston IT, a Barcelona-based company that claims to provide custom security solutions.
It is believed that Variston IT is connected to an exploitation framework called "Heliconia," which works in three ways: by exploiting a Chrome renderer bug to run malware on a user's operating system; by deploying a malicious PDF document containing an exploit for Windows Defender; and by utilizing a set of Firefox exploits for Windows and Linux machines. The Heliconia exploit was used as early as December 2018 with the release of Firefox 64.
The new information released by Google reveals that Heliconia was likely used in the wild as a zero-day exploit. However, Heliconia poses no risk to users today, as Google says it cannot detect active exploitation. The bugs were fixed by Google, Mozilla, and Microsoft in early 2021 and 2022.
Although the bugs Heliconia exploits are patched, commercial spyware is a growing problem, Google says. The research into Heliconia by Google's Threat Analysis Group (TAG) is available in the new blog post, which Google is publishing to raise awareness about the threat of commercial spyware.
Commercial spyware puts advanced surveillance capabilities in the hands of governments that use them to spy on journalists, human rights activists, political opposition and dissidents. To protect yourself against Heliconia and other exploits like it, it’s essential to keep your internet browsers and operating system up to date.
For more details on this story, visit the following link:
- https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston/