Google discovers a Windows exploit that points to distribution of spyware
Google’s in-house Threat Analysis Group (TAG) has uncovered an exploit framework that takes advantage of vulnerabilities in web browsers and other system software, and has linked it, with what it calls likely ties, to a software company based in Barcelona, Spain. The framework targets vulnerabilities in Microsoft Defender, Google Chrome and Mozilla Firefox.
TAG is primarily one of Google’s expert-led lines of defense against state-sponsored attacks. It also keeps tabs on companies that let governments spy on political and moral opponents, dissidents and journalists using tools of the surveillance trade. Officially, the Barcelona-based company describes itself as nothing more than a provider of custom security solutions. According to Google, however, it is likely one such commercial surveillance vendor.
‘Continuing this work, today, we're sharing findings on an exploitation framework with likely ties to Variston IT, a company in Barcelona, Spain that claims to be a provider of custom security solutions.’
These are the words of TAG’s Benoit Sevens and Clement Lecigne in the team’s write-up of its findings. They add that ‘Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools necessary to deploy a payload to a target device.’ An n-day vulnerability is one the vendor has already fixed; the framework relies on targets that have not yet applied the patch.
According to TAG, the framework has three main components:
- Heliconia Noise: A web framework that deploys an exploit for a Chrome renderer bug, followed by a Chrome sandbox escape that installs the agent on the target system.
- Heliconia Soft: A second web framework that delivers a PDF carrying an exploit for the Windows Defender vulnerability tracked as CVE-2021-42298.
- Heliconia Files: A set of Firefox exploits for Windows and Linux, one of which targets the vulnerability tracked as CVE-2022-26485.
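Because Heliconia relies on n-day bugs, the practical question for a defender is whether the installed versions are older than the first fixed release. The script below is an added example, not code from the article or from TAG’s report: it checks a software inventory against the two CVEs the article names. The fix thresholds (Malware Protection Engine 1.1.18700.4 for CVE-2021-42298, Firefox 97.0.2 and Firefox ESR 91.6.1 for CVE-2022-26485) are taken from the vendor advisories as I recall them and should be confirmed against those advisories before being relied on; the inventory records are constructed, and Chrome is left out because the article gives neither a CVE nor a version range for the Chrome renderer bug.

```python
"""
Added example (not part of the original article or of TAG's report):
assess n-day exposure to the two Heliconia CVEs named in the article by
comparing installed versions from a software inventory against the first
fixed release.
"""
import re
from typing import NamedTuple


class FixedIn(NamedTuple):
    cve: str
    product: str
    minimums: dict  # channel name -> first version containing the fix


# Fix thresholds as recalled from the vendor advisories (MSRC for
# CVE-2021-42298, Mozilla for CVE-2022-26485). They are an assumption of
# this example; confirm them against the advisories before relying on them.
FIXES = [
    FixedIn("CVE-2021-42298", "Microsoft Malware Protection Engine",
            {"release": "1.1.18700.4"}),
    FixedIn("CVE-2022-26485", "Mozilla Firefox",
            {"release": "97.0.2", "esr": "91.6.1"}),
]


def parse_version(text):
    """Split '91.6.1esr' into ((91, 6, 1), 'esr'); a bare version is 'release'."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*([A-Za-z]*)\s*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    channel = m.group(2).lower() or "release"
    return nums, channel


def compare(a, b):
    """Compare dotted versions; missing trailing components count as zero."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def is_vulnerable(product, installed, fixes=FIXES):
    """Return (cve, minimum) for every listed fix the installed version lacks."""
    nums, channel = parse_version(installed)
    hits = []
    for fix in fixes:
        if fix.product != product:
            continue
        minimum = fix.minimums.get(channel)
        if minimum is None:
            # Channel the advisory does not cover: flag for review rather
            # than silently treating the host as patched.
            hits.append((fix.cve, f"unknown channel {channel!r}"))
            continue
        if compare(nums, parse_version(minimum)[0]) < 0:
            hits.append((fix.cve, minimum))
    return hits


# Constructed inventory records (host, product, installed version); not real telemetry.
INVENTORY = [
    ("host-a", "Microsoft Malware Protection Engine", "1.1.18600.4"),
    ("host-b", "Microsoft Malware Protection Engine", "1.1.19700.3"),
    ("host-c", "Mozilla Firefox", "91.5.0esr"),
    ("host-d", "Mozilla Firefox", "97.0.2"),
]


def assess(inventory=INVENTORY):
    """Return one (host, product, installed, cve, minimum) row per exposure."""
    findings = []
    for host, product, installed in inventory:
        for cve, minimum in is_vulnerable(product, installed):
            findings.append((host, product, installed, cve, minimum))
    return findings


if __name__ == "__main__":
    for host, product, installed, cve, minimum in assess():
        print(f"{host}: {product} {installed} lacks fix for {cve} (needs >= {minimum})")
```

The ESR suffix is parsed as a separate channel because a Firefox ESR build is patched at a different version number than the release channel; comparing "91.6.1esr" against 97.0.2 would wrongly flag every patched ESR host. Unknown channels are reported instead of ignored so that a gap in the threshold table shows up in the output.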
Yesterday, TAG also stated: ‘The growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups. These abuses represent a serious risk to online safety, which is why Google and TAG will continue to take action against, and publish research about, the commercial spyware industry.’
In other Google news, the company is reportedly developing technology to replace internet cookies.
So Google pointed Windows back at itself?
I often feel like Sam & Frodo when they were outside Minas Morgul staring at the horde of Orcs marching…. the Horde of Orcs are not Orcs in this case. They are Windows users unaware of the chains they are in.
How long before Google unmasks its own garbage? There are many poor redesigns that are useless. Everywhere there are so many unsightly circular corners. Why is their Google Play website currently so diluted? Even sorting comments is no longer possible. It resembles a single awful mobile website with no functionality.
“TAG also keeps tabs on companies that let governments spy on political and moral opponents, dissidents, and journalists using tools of the surveillance trade.”
Isn’t Google one of the largest of such companies ?
The writers’ About is wordier than the article.
Mitigations???
Are Windows, Chrome & Firefox patched???
This article is incomplete.
BTW, the “Spanish” software company could be providing services to any other government/NGO in the world. Who knows how deep the rabbit hole goes?
There’s probably hundreds of these companies developing exploits of Chrome and Firefox security vulnerabilities. This Variston IT company must have had a falling out with the American spy community, for the NSA to allow Google to expose them like this. There’s no way a report like this gets released without the NSA checking to see if it exposes American spycraft sources and methods first.
“Google discovers a Windows exploit that points to distribution of spyware”
Too late, many systems are already infected with chrome.exe spyware. Now we have an edge.exe variant as well.
+1
No, better +10.
The affected software should give thanks to this Spanish company.
Nothing new under the sun, everyday a new exploit and so forth.
Thanking an exploit hoarding company peddling them to governments of dictatorships and so called democracies? I don’t think their boots’ soles taste that good for me to give them a lick.
@Frankel, welcome to modern Europe.
By the way, what a beautiful word the heliconia. What a beautiful plant with nice flowers, indeed.
https://en.wikipedia.org/wiki/Heliconia
>In other related news, Google is apparently developing tech to replace internet cookies.
May they fail over and over again. The cookie system needs no alternative and I will keep scrubbing their trackers and isolate them for each site as I deem fit.
FloC, Topics, etc pp. New name, same cyber bingo BS.