A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018.
“Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device,” Google Threat Analysis Group (TAG) researchers Clement Lecigne and Benoit Sevens said in a write-up.
Variston, which has a bare-bones website, claims to “offer tailor made Information Security Solutions to our customers,” “design custom security patches for any kind of proprietary system,” and support the “the discovery of digital information by [law enforcement agencies],” among other services.
The vulnerabilities, which have been patched by Google, Microsoft, and Mozilla in 2021 and early 2022, are believed to have been utilized as zero-days to help customers install malware of their choice on the targeted systems.
Heliconia comprises a trio of components, namely Noise, Soft, and Files, each of which are responsible for deploying exploits against bugs in Chrome, Windows, and Firefox, respectively.
images from Hacker News