Google says Spanish spyware vendor exploited zero-day vulnerabilities in Chrome, Firefox and Windows – Times of India
As per a blog post by Google, Barcelona-based Variston IT’s Heliconia framework provided tools necessary to deploy a payload to a target device. Google’s Threat Analysis Group (TAG) says that the affected vulnerabilities in Chrome, Microsoft and Firefox were fixed in 2021 and early 2022.
TAG team notes that it became aware of the Heliconia framework when Google received an anonymous submission mentioning three bugs.
“They used unique names in the bug reports including, ‘Heliconia Noise,’ ‘Heliconia Soft‘ and ‘Files.’ TAG analysed the submissions and found they contained frameworks for deploying exploits in the wild and a script in the source code included clues pointing to the possible developer of the exploitation frameworks, Variston IT,” Google said in a blog post.
How users were affected
Google says that commercial spyware, like NSO Group’s Pegasus spyware, gives advanced surveillance capabilities to governments “who use them to spy on journalists, human rights activists, political opposition and dissidents.” Heliconia framework may also have been used for such activities, however, there is no information about it yet.
“Google and TAG are committed to disrupting these threats, protecting users, and raising awareness of the risks posed by the growing commercial spyware industry,” the search engine giant said.
Spyware industry growth a concern
As per TAG’s research, the world has seen a proliferation of commercial surveillance and commercial spyware vendors now have developed capabilities that were previously only available to governments with deep pockets and technical expertise.
“The growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups. These abuses represent a serious risk to online safety,” Google concluded in the blog post.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.