The commercial spyware industry has increasingly come under fire for selling powerful surveillance tools to anyone who can pay, from governments to criminals around the world. Across the European Union, details of how spyware has been used to target activists, opposition leaders, lawyers, and journalists in multiple countries have recently touched off scandals and calls for reform. Today, Google’s Threat Analysis Group announced action to block one such hacking tool that targeted desktop computers and was seemingly developed by a Spanish firm.
The exploitation framework, dubbed Heliconia, came to Google’s attention after a series of anonymous submissions to the Chrome bug reporting program. The disclosures pointed to exploitable vulnerabilities in Chrome, Windows Defender, and Firefox that could be abused to deploy spyware on target devices, including Windows and Linux computers. The submission included source code from the Heliconia hacking framework and called the vulnerabilities Heliconia Noise, Heliconia Soft, and Files. Google says the evidence points to the Barcelona-based tech firm Variston IT as the developer of the hacking framework.
“The findings indicate that we have many small players within the spyware industry, but with strong capabilities related to zero days,” TAG researchers told WIRED, referring to unknown, unpatched vulnerabilities.
Variston IT did not respond to a request for comment from WIRED. The company’s director, Ralf Wegner, told TechCrunch that Variston was not given the opportunity to review Google’s research and could not validate it. He added that he “would be surprised if such item was found in the wild.” Google confirmed that the researchers did not contact Variston IT in advance of publication, as is the company’s standard practice in these types of investigations.
Google, Microsoft, and Mozilla patched the Heliconia vulnerabilities in 2021 and 2022, and Google says it has not detected any current exploitation of the bugs. But evidence in the bug submissions indicates that the framework was likely being used to exploit the flaws starting in 2018 and 2019, long before they were patched. Heliconia Noise exploited a Chrome renderer vulnerability and a sandbox escape, while Heliconia Soft used a malicious PDF laced with a Windows Defender exploit, and Files deployed a group of Firefox exploits for Windows and Linux. TAG collaborated on the research with members of Google’s Project Zero bug-hunting group and the Chrome V8 security team.
The fact that Google does not see current evidence of exploitation may mean that the Heliconia framework is now dormant, but it might also indicate that the hacking tool has evolved. “It could be there are other exploits, a new framework, their exploits didn’t cross our systems, or there are other layers now to protect their exploits,” TAG researchers told WIRED.
Ultimately, the group says its goal with this type of research is to shed light on the commercial spyware industry’s methods, technical capabilities, and abuses. TAG created detections for Google’s Safe Browsing service to warn about Heliconia-related sites and files, and the researchers emphasize that it’s always important to keep software up to date.
“The growth of the spyware industry puts users at risk and makes the internet less safe,” TAG wrote in a blog post about the findings. “And while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups.”