Google discovers new commercial spyware that exploits Chrome, Firefox


New Delhi, Dec 2 (IANS): As commercial spyware like Pegasus puts advanced surveillance capabilities in the hands of governments to spy on journalists, human rights activists, political opposition and dissidents, Google has discovered a new commercial spyware that exploits vulnerabilities in Google Chrome, Mozilla Firefox and Microsoft Defender.

The Google Threat Analysis Group (TAG) shared findings on an exploitation framework with likely ties to Variston IT, a company in Barcelona, Spain that claims to be a provider of custom security solutions.

"Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools necessary to deploy a payload to a target device," said the team.

Google, Microsoft and Mozilla fixed the affected vulnerabilities in 2021 and early 2022.

"While we have not detected active exploitation, it appears likely these were utilised as zero-days in the wild," said the TAG researchers.

TAG has created detections in Safe Browsing to warn users when they attempt to navigate to dangerous sites or download dangerous files.

"To ensure full protection against Heliconia and other exploits, it's essential to keep Chrome and other software fully up-to-date," they mentioned in a blog post.

The TAG security team became aware of the Heliconia framework when Google received an anonymous submission to the Chrome bug reporting programme.

"The exploitation frameworks, listed below, included mature source code capable of deploying exploits for Chrome, Windows Defender and Firefox. Although the vulnerabilities are now patched, we assess it is likely the exploits were used as 0-days before they were fixed," said the Google researchers.

Earlier reports have shown proliferation of commercial surveillance and the extent to which commercial spyware vendors have developed capabilities that were previously only available to governments with deep pockets and technical expertise.

TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.

The Google teams earlier this year found strong evidence that enterprise-grade Android spyware called 'Hermit' is being used via SMS messages to target high-profile Android users.

'Hermit' is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company operating as a front company.

Italian spyware vendor RCS Lab, a known developer that has been active for over three decades, operates in the same market as Pegasus developer NSO Group.

RCS Lab has engaged with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan.

 

  

Top Stories


Leave a Comment

Title: Google discovers new commercial spyware that exploits Chrome, Firefox



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.