Google security researchers are sharing new information about vulnerabilities detected in Chrome, Firefox, and Windows.
In a blog post, Google and Threat Analysis Group (TAG) detail steps taken since discovering a commercial spyware operation with ties to Variston IT.
Based in Barcelona, Spain, Variston IT claims to provide custom security solutions. However, the company is connected to an exploitation framework called “Heliconia.”
Heliconia works in three ways:
- It exploits a Chrome renderer bug to run malware on a user’s operating system.
- It deploys a malicious PDF document containing an exploit for Windows Defender.
- It utilizes a set of Firefox exploits for Windows and Linux machines.
The Heliconia exploit was used as early as December 2018 with the release of Firefox 64.
New information released by Google reveals Heliconia was likely used in the wild as a zero-day exploit.
Heliconia poses no risk to users today, as Google says it cannot detect active exploitation. Google, Mozilla, and Microsoft fixed the bugs in early 2021 and 2022.
Although Heliconia is patched, commercial spyware is a growing problem, Google says:
“TAG’s research underscores that the commercial surveillance industry is thriving and has expanded significantly in recent years, creating risk for Internet users around the globe. Commercial spyware puts advanced surveillance capabilities in the hands of governments who use them to spy on journalists, human rights activists, political opposition and dissidents.”
To protect yourself against Heliconia and other exploits like it, it’s essential to keep your internet browsers and operating system up to date.
TAG’s research into Heliconia is available in Google’s new blog post, which Google is publishing to raise awareness about the threat of commercial spyware.
Featured Image: tomfallen/Shutterstock