Amid Pegasus scare, Google discovers new commercial spyware that exploits Chrome, Firefox vulnerabilities


New Delhi: As commercial spyware like Pegasus puts sophisticated surveillance into government hands to spy on journalists, human rights activists, the opposition and dissidents, Google has discovered a new commercial spyware that exploits vulnerabilities in Google Chrome, Mozilla Firefox, and Microsoft Defender. The Google Threat Analysis Group (TAG) has shared its findings on an exploit framework that may have ties to Variston IT, a Barcelona, Spain-based company that claims to be a provider of custom security solutions.

“The company’s Heliconia framework provides all the tools necessary to exploit n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender and deploy payloads to target devices,” the team said. Google, Microsoft, and Mozilla fixed the affected vulnerabilities in 2021 and early 2022.

“While we have not detected any active exploits, it is highly likely that these were indeed used as zero-days,” said the TAG researchers. TAG created a detection feature in Safe Browsing that alerts users when they navigate to dangerous sites or try to download dangerous files.

“Keeping Chrome and other software fully up-to-date is essential for complete protection against Heliconia and other exploits,” they said in a blog post.

The TAG security team became aware of the Heliconia framework when Google received an anonymous submission to the Chrome bug reporting program.

“The exploit frameworks listed below contained mature source code capable of deploying exploits for Chrome, Windows Defender, and Firefox. We assess that it was likely used as a 0-day before it was modified,” said a Google researcher.

Previous reports have shown the surge in commercial surveillance and the extent to which commercial spyware vendors have developed capabilities that were previously available only to governments with deep funding and technical expertise.

TAG actively tracks over 30 vendors with varying levels of sophistication and public exposure that sell exploits or monitoring capabilities to government-sponsored attackers.

Earlier this year, a team at Google found strong evidence that an enterprise-grade Android spyware called “Hermit” was being used via SMS messages to target high-profile Android users.

“Hermit” may have been developed by Italian spyware vendor RCS Lab and front company Tykelab Srl, a communications solutions company.

Italian spyware vendor RCS Lab has been a well-known developer for over 30 years and operates in the same market as Pegasus developer NSO Group.

RCS Lab has worked with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar, and Turkmenistan.