
Google Accuses Spanish Company Variston IT of Creating Spyware and Exploiting 0-Day

Google's Threat Analysis Group (TAG) accuses the Spanish company Variston IT of developing spyware and exploitation frameworks that target already patched vulnerabilities in Chrome, Firefox and Microsoft Defender.

Let me remind you that we recently reported that Google Sued G Verifier Scammers Who Posed as Company Representatives, and also that Google Claims RCS Lab Hacking Tools Are Being Used to Target iOS and Android Users.

According to the official website, Variston IT positions itself as a provider of customized information security solutions, including for SCADA and IoT integrators, custom patches for proprietary systems, data discovery tools, and also offers security training and develops security protocols for embedded devices.

However, TAG experts write that Variston IT sells another product not mentioned on the site: frameworks that provide the client with everything necessary to install malware on devices of targets that need to be monitored.

"Their Heliconia platform exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools needed to deploy payloads to target devices," the TAG report reads.

According to the researchers, the company’s frameworks consist of several components, each of which targets specific vulnerabilities on target devices:

  1. Heliconia Noise: a web framework for exploiting a rendering error in Chrome, then exiting the browser sandbox and installing malware on the target device;
  2. Heliconia Soft: a web framework that deploys a PDF containing an exploit for a vulnerability in Microsoft Defender (CVE-2021-42298);
  3. Heliconia Files: a set of exploits for Firefox on Linux and Windows, one of which is designed to attack the CVE-2022-26485 vulnerability.


Ultimately, Heliconia Noise and Heliconia Soft deploy the “agent_simple” agent on the target system. However, the sample framework studied by Google contained only a dummy agent that started and immediately exited without executing any malicious code. The researchers believe that the users of the framework apply their own agents, or all this is part of another project to which the specialists did not have access.

Google TAG says they found out about Heliconia after receiving anonymous reports through Chrome’s bug reporting program. Experts believe that the company exploited the mentioned problems even before the release of the patches, when the bugs were still zero-day vulnerabilities.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
