Security News > 2022 > December > Google warns of commercial Heliconia spyware hitting Chrome, Firefox, Microsoft Defender

Google's Threat Analysis Group said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software.

The three components perform the following functions: Heliconia Noise is a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape; Heliconia Soft is a web framework that deploys a PDF containing a Windows Defender exploit; and Files is a set of Firefox exploits for Linux and Windows.

"Commercial spyware puts advanced surveillance capabilities in the hands of governments who use them to spy on journalists, human rights activists, political opposition and dissidents."

Chris Clements, VP of solutions architecture at cybersecurity biz Cerberus Sentinel, told The Register that commercial spyware is simply spyware that companies try to make acceptable by claiming that they sell only to governments - as if spying on citizens needs no justification.

Clements said, in his opinion, that the only difference between commercial spyware makers and sellers of ransomware-as-a-service or initial access brokers on the dark web is their target customer base and the level of polish of their product.

While we're talking spyware.... The NSO Group, possibly the most widely known commercial spyware vendor for its Pegasus software, was sued on Wednesday by the Knight Institute at Columbia University, acting on behalf of 15 journalists and other members of El Salvador-based news organization El Faro.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/01/google_heliconia_spyware/