Google warns about commercial Heliconia spyware • The Register


Google’s Threat Analysis Group (TAG) announced Wednesday that its researchers have discovered commercial spyware called Heliconia designed to exploit vulnerabilities in the Chrome and Firefox browsers and Microsoft Defender security software.

Google researchers say they became aware of the framework after an anonymous Chrome bug report was submitted containing instructions and source code for components named “Heliconia Noise”, “Heliconia Soft” and “Files”.

Analysis of the submitted bug report revealed that it contained a tool for distributing exploit code and included a reference to Variston IT, a security firm based in Barcelona, Spain, which may be the developer of the framework. Variston IT did not immediately respond to a request for comment.

The three components perform the following functions: Heliconia Noise exploits a Chrome renderer bug (now fixed) followed by a sandbox escape. Heliconia Soft is a web framework that deploys PDFs containing a Windows Defender exploit. Files is a set of Firefox exploits for Linux and Windows.

According to TAG, Google, Microsoft, and Mozilla fixed the targeted vulnerabilities in 2021 and early 2022, so users who have applied those patches should be protected. TAG has also added detection for Heliconia to Google’s Safe Browsing service, and encourages internet users to keep their browsers and software up to date as a defense against exploits.

Clement Lecigne and Benoit Sevens of TAG wrote in a blog post: “Commercial spyware puts sophisticated surveillance capabilities into the hands of governments, which they use to spy on journalists, human rights activists, opposition parties, and dissidents.”

Chris Clements, vice president of solution architecture at cybersecurity biz Cerberus Sentinel, told The Register that commercial spyware is just spyware that companies try to condone by claiming they only sell to governments, as if spying on citizens needs no justification.

“Commercial spyware vendors operate in a field otherwise indistinguishable from cybercrime,” said Clements. “The exploits they develop and the monitoring features in their product are malware by definition.”

“These organizations often defend themselves against legal consequences by claiming that they sell tools only for ethical use by governments and law enforcement. It has repeatedly proven to be untrue for some spyware vendors.”

Clements said the only difference between commercial spyware makers and ransomware-as-a-service or early-access brokers on the dark web is their target customer base and product maturity.

While we’re talking spyware…

The NSO Group, perhaps the most widely known commercial spyware vendor thanks to its Pegasus software, was sued on Wednesday by Columbia University’s Knight Institute on behalf of 15 journalists and other members of the El Salvador-based news organization El Faro.

The complaint alleges that NSO Group and its parent company Q Cyber Technologies violated U.S. law by helping deploy Pegasus spyware to remotely access the journalists’ iPhones.

NSO Group was previously sued by Facebook and its WhatsApp subsidiary over claims that Pegasus was used to compromise WhatsApp on users’ phones. An attempt by NSO Group to have those claims dismissed, on the basis that foreign sovereign immunity from prosecution extends to non-governmental vendors, has so far been rejected in U.S. courts.

The company is currently waiting to see if the U.S. Supreme Court will consider an appeal.

In an amicus brief [PDF] advising the Supreme Court not to hear the NSO Group case, the U.S. Attorney General said that while the U.S. government was not prepared to seek a ruling that would rule out such immunity claims in the future, it is clear that NSO is not entitled to immunity here.
