Google reported that the Heliconia exploitation framework can deploy spyware by exploiting vulnerabilities in Chrome, Windows Defender, and Firefox.
Google's Threat Analysis Group (TAG) has tracked commercial spyware vendors for many years. TAG has now reported that Variston IT, a company based in Barcelona, sold a spyware framework that exploits Chrome, Firefox, and Windows Defender vulnerabilities. Google explains that commercial spyware of this kind puts advanced surveillance capabilities in the hands of governments, which use them to spy on journalists, human rights activists, political opposition, and dissidents.
The underlying vulnerabilities were fixed by Google, Microsoft, and Mozilla in 2021 and early 2022, so today the Heliconia framework exploits n-day bugs; it bundles everything needed to attack the target device once a victim is lured to it. TAG assesses, however, that the bugs were probably exploited before the patches shipped: “While we have not detected active exploitation, based on the research below, it appears likely these were utilized as zero-days in the wild,” Google wrote in a blog post.
Commercial spyware attacks
Heliconia Noise is a web framework that exploits Google Chrome, covering versions from 90.0.4430.72 (April 2021) through 91.0.4472.106 (June 2021). Google warned that the vulnerability allows remote code execution. Google fixed the bug in August 2021.
Heliconia Soft is another web framework; it delivers a PDF that carries a Windows Defender exploit. The vulnerability was fixed in November 2021.
Heliconia Files is a set of Firefox exploit chains for Windows and Linux that achieve remote code execution in Mozilla's browser. Google says that “The Heliconia exploit is effective against Firefox versions 64 to 68, suggesting it may have been in use as early as December 2018 when version 64 was first released.”
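The practical question for a defender reading this is which browser builds in the fleet ever sat inside the affected windows. The script below is an added example, not code from Google TAG or from Variston, that takes the version ranges quoted above (Chrome 90.0.4430.72 through 91.0.4472.106 for Heliconia Noise, Firefox 64 through 68 for Heliconia Files) and checks an inventory against them. The hostnames and builds in the sample inventory are constructed; treating the Firefox range as inclusive of every 68.x build, and the zero-padded prefix comparison, are this example's assumptions.

```python
import re

# Affected ranges as reported by TAG and summarised above (both ends inclusive).
# Heliconia Noise: Chrome 90.0.4430.72 (April 2021) through 91.0.4472.106 (June 2021).
# Heliconia Files: Firefox 64 through 68 (assumed here to cover any 68.x build).
AFFECTED_RANGES = {
    "chrome": ("90.0.4430.72", "91.0.4472.106", "Heliconia Noise"),
    "firefox": ("64", "68", "Heliconia Files"),
}


def parse_version(version):
    """Turn '91.0.4472.106', '68.0.2esr' or '91.0.4472.106-1' into a tuple of ints.

    Only the numeric components are kept, so vendor/packaging suffixes are ignored.
    """
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    if not parts:
        raise ValueError(f"no numeric version components in {version!r}")
    return parts


def _key(parts, width):
    """First `width` components, zero-padded, so '68' and '68.0.2' compare as intended."""
    return tuple(parts[:width]) + (0,) * (width - len(parts))


def in_range(version, low, high):
    """True when version lies in [low, high]; a short bound such as '68' covers every 68.x."""
    v, lo, hi = parse_version(version), parse_version(low), parse_version(high)
    return _key(v, len(lo)) >= lo and _key(v, len(hi)) <= hi


def affected_by(browser, version):
    """Return the Heliconia component name if this build is in an affected range, else None."""
    entry = AFFECTED_RANGES.get(browser.lower())
    if entry is None:
        return None  # browser not covered by the report: nothing to say about it
    low, high, framework = entry
    return framework if in_range(version, low, high) else None


def check_inventory(records):
    """records: iterable of (host, browser, version).

    Returns [(host, browser, version, framework), ...] for every build inside a range.
    """
    findings = []
    for host, browser, version in records:
        framework = affected_by(browser, version)
        if framework:
            findings.append((host, browser, version, framework))
    return findings


# Constructed sample inventory (hypothetical hosts and builds, not data from the report).
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "90.0.4430.212"),   # inside the Noise window
    ("ws-02", "chrome", "91.0.4472.164"),   # past the upper bound
    ("ws-03", "firefox", "68.0.2esr"),      # 68.x ESR: inside the Files window
    ("ws-04", "firefox", "107.0"),          # current at the time of the report
    ("ws-05", "edge", "107.0.1418.56"),     # not in the table: unknown, not flagged
]

if __name__ == "__main__":
    for host, browser, version, framework in check_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {browser} {version} is in the {framework} range; update it")
```

A hit means exposure, not compromise: a build inside a window was vulnerable to the n-day exploit while it was installed, and an unknown browser (the "edge" row) is deliberately left unflagged rather than guessed at. Feed the function real inventory data from your endpoint management tooling, and extend AFFECTED_RANGES only with ranges you can source.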
The good news is that the exploits described in TAG's latest report no longer threaten Chrome, Firefox, or Windows Defender users who are running current versions. Keep automatic updates enabled and install any pending updates as soon as possible so that these vulnerabilities cannot be used against you.