News

Google Accuses Spanish Company Variston IT of Creating Spyware and Exploiting 0-Day

Photo of Daniel Zimmermann Daniel ZimmermannDecember 2, 2022
0 76 1 minute read

Google Threat Analysis Group (TAG) accuses the Spanish company Variston IT of developing spyware, as creating spyware and frameworks that exploit already fixed vulnerabilities in Chrome, Firefox and Microsoft Defender.

Let me remind you that we recently reported that Google Sued G Verifier Scammers Who Posed as Company Representatives, and also that Google Claims RCS Lab Hacking Tools Are Being Used to Target iOS and Android Users.

According to the official website, Variston IT positions itself as a provider of customized information security solutions, including for SCADA and IoT integrators, custom patches for proprietary systems, data discovery tools, and also offers security training and develops security protocols for embedded devices.

However, TAG experts write that Variston IT sells another product not mentioned on the site: frameworks that provide the client with everything necessary to install malware on devices of targets that need to be monitored.

Their Heliconia platform exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools needed to deploy payloads to target devices.the TAG report reads.

According to the researchers, the company’s frameworks consist of several components, each of which targets specific vulnerabilities on target devices:

  1. Heliconia Noise: a web framework for exploiting a rendering error in Chrome, then exiting the browser sandbox and installing malware on the target device;
  2. Heliconia Soft: a web framework that deploys a PDF containing an exploit for a vulnerability in Microsoft Defender (CVE-2021-42298);
  3. Heliconia Files: A set of exploits for Firefox for Linux and Windows, one of which is designed to attack the CVE-2022-26485 vulnerability.

Google accuses Variston IT

Ultimately, Heliconia Noise and Heliconia Soft deploy the “agent_simple” agent on the target system. However, the sample framework studied by Google contained only a dummy agent that started and immediately exited without executing any malicious code. The researchers believe that the users of the framework apply their own agents, or all this is part of another project to which the specialists did not have access.

Google TAG says they found out about Heliconia after receiving anonymous reports through Chrome’s bug reporting program. Experts believe that the company exploited the mentioned problems even before the release of the patches, when the bugs were still zero-day vulnerabilities.

Also the media said that Google Blocked Dozens of Domains Owned by Hacker Mercenaries.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannDecember 2, 2022
0 76 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

New version of jailbreak Unc0ver

New version of jailbreak Unc0ver supports iOS from version 11.0 to 14.3

March 3, 2021
Hackers attacked network of the FSB contractor

Hackers attacked network of the FSB contractor: they became aware of de-anonymization of Tor projects and not only

July 23, 2019
ProtonMail reveals IP address

ProtonMail reveals activist’s IP address to law enforcement

September 9, 2021
Vivaldi and ad blocking

Vivaldi Developers Promise That Ad Blocking Will Continue to Work

September 28, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button