Security News > 2022 > December > Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018.
"Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group researchers Clement Lecigne and Benoit Sevens said in a write-up.
Heliconia comprises a trio of components, namely Noise, Soft, and Files, each of which are responsible for deploying exploits against bugs in Chrome, Windows, and Firefox, respectively.
Noise is designed to take advantage of a security flaw in the Chrome V8 engine JavaScript engine that was patched in August 2021 as well as an unknown sandbox escape method called "Chrome-sbx-gen" to enable the final payload to be installed on targeted devices.
The Files package - the third framework - contains a Firefox exploit chain for Windows and Linux that leverages a use-after-free flaw in the browser that was reported in March 2022.
Google TAG said it became aware of the Heliconia attack framework after receiving an anonymous submission to its Chrome bug reporting program.
News URL
http://thehackernews.com/2022/12/google-accuses-spanish-spyware-vendor.html
Related news
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Lazarus hackers exploited Windows zero-day to gain Kernel privileges (source)
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- Windows Kernel bug fixed last month exploited as zero-day since August (source)
- Google Chrome gets real-time phishing protection later this month (source)
- Google Introduces Enhanced Real-Time URL Protection for Chrome Users (source)
- Microsoft again bothers Chrome users with Bing popup ads in Windows (source)
- Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (source)