The fast-paced digital world has paved the way for the sale of complex spyware used to scam users. Google and Apple have previously highlighted this issue and warned their users about organizations selling commercial spyware.
This spyware targets laptops and PCs through Windows antivirus software and browsers. Google and Apple have already patched the earlier vulnerabilities that spyware could use to exploit user information.
According to TAG (Google’s Threat Analysis Group), a Barcelona-based organization sold spyware that could exploit vulnerabilities in Firefox, Chrome, and Windows Defender to spy on users’ PCs or place them under surveillance.
Google explained that this commercial spyware puts advanced surveillance capabilities into the hands of governments that spy on journalists, opposition parties, human rights activists, and others.
Microsoft, Mozilla, and Google patched these vulnerabilities in 2021 and 2022, even though they were reported as zero-days in the wild.
Variston IT is known as a custom security solution provider. However, Google suspects it to be a commercial surveillance organization. According to the reports, the organization is in the same class as NSO Group and RCS Labs, which used to sell tools to governments to spy on diplomats, journalists, dissidents, and others.
Heliconia Noise exploited Chrome versions 90.0.4430.72 (from April 2021) to 91.0.4472.106 (from June 2021). According to Google, Heliconia Noise could exploit n-day vulnerabilities and provided all the tools needed to spy on targets.
Google also warned that this spyware framework could potentially perform remote code execution, but the related issues were fixed in August 2021.
Heliconia Soft was another web framework; it used a PDF containing a Windows Defender exploit. That issue was also fixed, in November 2021. Google said the Heliconia exploit was effective against Firefox (versions 64 to 68). The good news is that the latest TAG report shows these exploits don’t threaten Windows Defender, Chrome, or Mozilla users who have updated to the latest versions.
So, make sure automatic updates are enabled for these browsers on your devices to stay protected from attacks that exploit such vulnerabilities.