Security News > 2022 > December > Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018.
"Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group researchers Clement Lecigne and Benoit Sevens said in a write-up.
Heliconia comprises a trio of components, namely Noise, Soft, and Files, each of which are responsible for deploying exploits against bugs in Chrome, Windows, and Firefox, respectively.
Noise is designed to take advantage of a security flaw in the Chrome V8 engine JavaScript engine that was patched in August 2021 as well as an unknown sandbox escape method called "Chrome-sbx-gen" to enable the final payload to be installed on targeted devices.
The Files package - the third framework - contains a Firefox exploit chain for Windows and Linux that leverages a use-after-free flaw in the browser that was reported in March 2022.
Google TAG said it became aware of the Heliconia attack framework after receiving an anonymous submission to its Chrome bug reporting program.
News URL
https://thehackernews.com/2022/12/google-accuses-spanish-spyware-vendor.html
Related news
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)