
Google’s Threat Analysis Group (TAG) has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company.

While TAG is Google’s team of security experts focused on protecting Google users from state-sponsored attacks, it also keeps track of dozens of companies that enable governments to spy on dissidents, journalists, and political opponents using surveillance tools.

The search giant says the Barcelona-based software firm is one of these commercial surveillance vendors and not just a provider of custom security solutions as it officially claims.

“Continuing this work, today, we’re sharing findings on an exploitation framework with likely ties to Variston IT, a company in Barcelona, Spain that claims to be a provider of custom security solutions,” Google TAG’s Clement Lecigne and Benoit Sevens said on Wednesday.

“Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools necessary to deploy a payload to a target device.”

The exploitation framework consists of multiple components, each of them targeting specific security flaws in software on the targets’ devices:

  • Heliconia Noise: a web framework for deploying a Chrome renderer bug exploit followed by a Chrome sandbox escape to install agents on the targeted device
  • Heliconia Soft: a web framework that deploys a PDF containing the Windows Defender exploit tracked as CVE-2021-42298
  • Heliconia Files: a set of Firefox exploits for Linux and Windows, one tracked as CVE-2022-26485

For Heliconia Noise and Heliconia Soft, the exploits would ultimately deploy an agent named ‘agent_simple’ on the compromised device.

However, the sample of this framework analyzed by Google contained a dummy agent that runs and exits without executing any malicious code.

Google believes the framework's customer provides their own agent, or that the agent is part of another project that Google does not have access to.

Even though there’s no evidence of active exploitation of the targeted security vulnerabilities, and Google, Mozilla, and Microsoft patched them in 2021 and early 2022, Google TAG says that “it appears likely these were utilized as zero-days in the wild.”

A Variston IT spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

Google’s spyware vendor tracking efforts

In June, the company’s TAG team also revealed that Italian spyware vendor RCS Labs was helped by some Internet Service Providers (ISPs) to deploy commercial surveillance tools on the devices of Android and iOS users in Italy and Kazakhstan.

During the attacks, the targets were prompted to install malicious apps (camouflaged as legitimate mobile carrier apps) in drive-by-downloads to get back online after their Internet connection was cut off with the help of their ISP.

One month earlier, Google TAG exposed another surveillance campaign when state-backed threat actors exploited five zero-day bugs to install Predator spyware developed by commercial spyware developer Cytrox.

Google said at the time that it’s actively tracking over 30 vendors with varying levels of public exposure and sophistication selling surveillance capabilities or exploits to government-sponsored threat groups or actors.

“The growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups,” Google TAG added today.

“These abuses represent a serious risk to online safety which is why Google and TAG will continue to take action against, and publish research about, the commercial spyware industry.”

