Google warns of commercial Heliconia spyware hitting Chrome, Firefox, Microsoft Defender

Google's Threat Analysis Group said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software.
The three components perform the following functions: Heliconia Noise is a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape; Heliconia Soft is a web framework that deploys a PDF containing a Windows Defender exploit; and Files is a set of Firefox exploits for Linux and Windows.
"Commercial spyware puts advanced surveillance capabilities in the hands of governments who use them to spy on journalists, human rights activists, political opposition and dissidents."
Chris Clements, VP of solutions architecture at cybersecurity biz Cerberus Sentinel, told The Register that commercial spyware is simply spyware that companies try to make acceptable by claiming that they sell only to governments - as if spying on citizens needs no justification.
Clements said that, in his opinion, the only difference between commercial spyware makers and sellers of ransomware-as-a-service or initial access brokers on the dark web is their target customer base and the level of polish of their product.
While we're talking spyware... The NSO Group, possibly the most widely known commercial spyware vendor for its Pegasus software, was sued on Wednesday by the Knight Institute at Columbia University, acting on behalf of 15 journalists and other members of El Salvador-based news organization El Faro.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/01/google_heliconia_spyware/