Spyware, the dangerous Spanish framework discovered by Google

Spyware

The commercial spyware industry is increasingly under fire for its penchant for selling powerful surveillance tools to anyone who can pay for them, from governments to criminals around the world. In several European Union (EU) countries, revelations about the use of spy software to target activists, opposition leaders, lawyers and journalists have recently generated scandals and calls for reform. Today, Google's Threat analysis group (TAG) announced that it has taken steps to block one of these cyber-attack tools, which has targeted several computers and which was allegedly developed by a Spanish company.

The vulnerability exploitation framework, renamed Heliconia , came to Google's attention in a series of anonymous reports to the Chrome bug notification program. The reports indicated vulnerabilities in Chrome, Windows Defender, and Firefox that could be exploited to distribute spyware to target devices, including Windows and Linux computers. The reports included Heliconia source code and labeled the vulnerabilities as Heliconia Noise, Heliconia Soft and Files. Google reports that the evidence it has gathered indicates that the framework was developed by Barcelona-based technology firm Variston It.

"The findings indicate that there are many small but strong players operating in the spyware industry related to zero days, ”the Tag researchers told sportsgaming.win US , referring to the vulnerabilities that are still unknown and for which no patches are available.

Variston It did not respond to sportsgaming.win US's request for comment. The company's director, Ralf Wegner, told TechCrunch that Variston has not had a chance to review the Google research and therefore is unable to corroborate it. Google confirmed that Tag researchers did not contact Variston It prior to the release of the report, as per the company's practice for this type of investigation.

Google, Microsoft and Mozilla have already patched the vulnerabilities of Heliconia in 2021 and 2022, and Google says it has not detected any bug exploitation to date. Evidence reported in reports to the company indicates that the framework was likely used to exploit the flaws starting in 2018 and 2019, long before any patches were introduced. For his research, the Tag collaborated with Project Zero, the Google unit that deals with vulnerability analysis, and with the Chrome V8 security team.

The fact that Google does not detect evidence of the Leveraging Heliconia may mean that the framework is currently down, but it may also indicate that the tool has evolved. “There may be other exploits, a new framework, or their exploits may not have made it through to our systems, or perhaps there are now other layers to protect their exploits,” the Tag researchers told sportsgaming.win US. br>
The Tag emphasizes that the goal of this type of research is to shed light on the methods, technical capabilities, and abuses of the commercial spyware industry. The group has created detection systems for the Google safe browsing service to flag Heliconia-related sites and files, while researchers remind the importance of updating their software .

" The growth of the spyware puts users at risk and makes the internet less secure – wrote the Tag in a blog post of the group about the discovery – , and even if surveillance technologies can be legal under national or international laws, they are often used harmfully for digital espionage against a number of groups.”

This article originally appeared on sportsgaming.win US.