Security News > 2022 > December > Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018.

"Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group researchers Clement Lecigne and Benoit Sevens said in a write-up.

Heliconia comprises a trio of components, namely Noise, Soft, and Files, each of which are responsible for deploying exploits against bugs in Chrome, Windows, and Firefox, respectively.

Noise is designed to take advantage of a security flaw in the Chrome V8 engine JavaScript engine that was patched in August 2021 as well as an unknown sandbox escape method called "Chrome-sbx-gen" to enable the final payload to be installed on targeted devices.

The Files package - the third framework - contains a Firefox exploit chain for Windows and Linux that leverages a use-after-free flaw in the browser that was reported in March 2022.

Google TAG said it became aware of the Heliconia attack framework after receiving an anonymous submission to its Chrome bug reporting program.

News URL

http://thehackernews.com/2022/12/google-accuses-spanish-spyware-vendor.html