Geeks for your information News Privacy & Security News v
Google discovers a Windows exploit that points to distribution of spyware
Google discovers a Windows exploit that points to distribution of spyware
harlan4096 Online
MalWare Zoo Team
*******
Posts: 16,052
Threads: 10,224
Thanks Received: 9,325 in 7,471 posts
Thanks Given: 10,269
Joined: 12 September 18
#1
Exclamation  02 December 22, 07:05
Quote:Google’s in-house Threat Analysis Group has recently uncovered an exploit framework that takes advantage of vulnerabilities in web browsers and other system utilities. TAG has also linked the exploit framework to a Spanish software company based in Barcelona. The exploit framework is known to target vulnerabilities in Microsoft Defender, Google Chrome, and Mozilla Firefox.

TAG is primarily one of Google’s expert-led lines of defense against state-sponsored attacks. However, TAG also keeps tabs on companies that let governments spy on political and moral opponents, dissidents, and journalists using tools of the surveillance trade. Officially, the Barcelona-based company claims to be nothing more than a custom security solution provider. However, the truth seems to be much more sinister. According to Google, this Spanish software company is one such commercial vendor of surveillance.

‘Continuing this work, today, we're sharing findings on an exploitation framework with likely ties to Variston IT, a company in Barcelona, Spain that claims to be a provider of custom security solutions.’

These are the sentiments of TAG’s Benoit Sevens and Clement Lecigne who recently addressed the team’s findings. TAG also stated that ‘Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools necessary to deploy a payload to a target device.’

[Image: Google-unmasks-Windows-exploit-scaled.jpg]

As TAG found, the exploit framework has three main components:
  • Heliconia Noise: A Web framework that deploys renderer bug exploits. The framework then installs malevolent agents on the target system by deploying a Chrome sandbox escape.
  • Heliconia Soft: A second web framework that carries a PDF payload that contains the Windows Defender exploit currently tracked as CVE-2021-42298.
  • Heliconia Files: A set of exploits for Windows and Linux that target Firefox. One of these is currently being tracked as CVE-2022-26485.
Yesterday, TAG stated that The growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws; they are often used in harmful ways to conduct digital espionage against a range of groups. These abuses represent a serious risk to online safety, which is why Google and TAG will continue to take action against, and publish research about, the commercial spyware industry.’

In other related news, Google is apparently developing tech to replace internet cookies.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • ismail
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Cloudflare CEO warns AI bots could outnu...
The internet you use...schreckdeividas — 11:03
ScreenToGif 2.43.1
ScreenToGif 2.43.1...harlan4096 — 08:55
uBOLite 2026.322.1735 (already available...
uBOLite 2026.322.1...harlan4096 — 08:54
Microsoft outs Windows 11 KB5085516 to f...
This month, Micros...harlan4096 — 08:53
AV-Test - Awards 2025: celebrating the v...
V-TEST Awards 2025...harlan4096 — 08:50

[-]
Birthdays
Today's Birthdays
avatar (44)battsourIonix
avatar (43)CedricSek
Upcoming Birthdays
avatar (44)gapedDow
avatar (38)snorydar
avatar (46)qaqapeti
avatar (43)artmaGoork

[-]
Online Staff
There are no staff members currently online.

>