TECHNOLOGY
Google, Microsoft and Mozilla fixed the affected vulnerabilities in 2021 and early 2022.
As commercial spyware like Pegasus puts advanced surveillance capabilities in the hands of governments to spy on journalists, human rights activists, political opposition and dissidents, Google has discovered a new commercial spyware that exploits vulnerabilities in Google Chrome, Mozilla Firefox and Microsoft Defender.
The Google Threat Analysis Group (TAG) shared findings on an exploitation framework with likely ties to Variston IT, a company in Barcelona, Spain that claims to be a provider of custom security solutions.
"Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools necessary to deploy a payload to a target device," said the team.
Google, Microsoft and Mozilla fixed the affected vulnerabilities in 2021 and early 2022.
"While we have not detected active exploitation, it appears likely these were utilized as zero-days in the wild," said the TAG researchers.
TAG has created detections in Safe Browsing to warn users when they attempt to navigate to dangerous sites or download dangerous files.
"To ensure full protection against Heliconia and other exploits, it's essential to keep Chrome and other software fully up-to-date," they mentioned in a blog post.
Also read: WhatsApp users can now search for messages by date, check details
The TAG security team became aware of the Heliconia framework when Google received an anonymous submission to the Chrome bug reporting programme.
"The exploitation frameworks, listed below, included mature source code capable of deploying exploits for Chrome, Windows Defender and Firefox. Although the vulnerabilities are now patched, we assess it is likely the exploits were used as 0-days before they were fixed," said the Google researchers.
Earlier reports have shown proliferation of commercial surveillance and the extent to which commercial spyware vendors have developed capabilities that were previously only available to governments with deep pockets and technical expertise.
TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.
The Google teams earlier this year found strong evidence that enterprise-grade Android spyware called `Hermit` is being used via SMS messages to target high-profile Android users.
What is historic 'Blue Gold', costlier than real gold?
Salman Khan opens up about his daddy issues with Salim Khan: 'How can he be right all the time...'
Powerful 7.6 magnitude earthquake jolts Caribbean, tsunami advisory issued
Salman Khan supports Sooaj Barjatya, pens note on his OTT debut, calls his show Bada Naam Karenge...
Little girl's energetic dance to 'London Thumakda' leaves netizens in awe, WATCH viral video
Meet man who left IIT, later earned Rs 286 crore in just 20 weeks by...
Viral Video: Sadhus playing cricket at Mahakumbh mela wins hearts online, watch
Happy Chocolate Day 2025: Wishes, WhatsApp messages, quotes to share with your partner on February 9
Meet woman, who plays key role in Rs 33661 crore company, daughter of billionaire
Vicky Kaushal and Akshaye Khanna didn't talk to each other on the Chhaava sets because...
Nita Ambani, Nick Jonas share candid moments at Siddharth Chopra's wedding, WATCH viral video
UPSC Civil Services Prelims Exam 2025 registration date extended by 7 days; apply at upsc.gov.in
'Fight for progress of Delhi will continue', says LoP Rahul Gandhi after Congress's Delhi debacle
Namma Metro Fare Update: Travel rides get costlier by 50 per cent from THIS date; check details
'AAP-Da Mukt Delhi': PM Modi hails BJP's resounding victory in assembly polls 2025
'He is fit to...': India batting coach shares BIG update on Virat Kohli ahead of IND vs ENG 2nd ODI
IND vs ENG: Rohit Sharma on cusp of breaking Sachin Tendulkar's record in elite openers list
NASA confirms Sunita Williams' return date, denies US President Trump’s ‘stranded’ claim
Meet man whose airline went bankrupt, still has Rs 43894 crore net worth, he is...
Ranji Trophy: Suryakumar Yadav's horror show with bat continues, India star clean bowled for just...
Chocolate Day 2025: 5 easy homemade chocolate recipes to impress your partner
Mass layoffs at Infosys as company terminates 700 freshers over...
Priyanka Chopra wears 62-emerald bead Bvlgari necklace at her brother's wedding
Chocolate Day 2025: Date, significance, history and celebration ideas
Meet Swati Singh, wife of BJP's Parvesh Verma, who defeated Arvind Kejriwal by 4089 votes
Meet man, son of world’s richest woman, he is set to take over Rs 1642000 crore empire as...
SHOCKING! Bride's family cancels wedding at last moment over groom's low...
Nita Ambani, Shloka Mehta stun in gorgeous sarees at Priyanka Chopra's brother's wedding
Meet Trisha and Sanidhi, daughters of BJP's Parvesh Verma, who defeated Arvind Kejriwal
Transforming the news and media industry with Generative AI: Expert insights by Sanjay Jain
New entrant in grocery quick-commerce, ready to compete with industry giants
Dr Tanvi Tijoriwala, ND shedsputs light on balancing skin barrier during rising temperatures
How PM Modi's magic shattered Arvind Kejriwal and his third-term hope in Delhi?
Ahmedabad: Fire breaks out at Sabarmati bullet train station, check details
Meet Sunita Kejriwal, Arvind Kejriwals's wife, who was former IRS officer, met him during...
BIG blow for Meta employees, Mark Zuckerberg's company to layoff employees from..., reason is...
Amitabh Bachchan sparks major concern among fans with cryptic post, writes 'time to go'
Taylor Swift 'feels used' by Blake Lively, wishes she didn't drag her into Justin Baldoni case
Meet IAS officer who failed five times before cracking UPSC exam, cleared in 6th attempt with AIR...
Delhi Election Result 2025 Live Updates: Check full list of winners and losers in Delhi elections
Who is Kabir Bahia, Kriti Sanon's rumoured boyfriend who hid his face from paps
Delhi Election Result 2025: AAP's Arvind Kejriwal vs BJP's Parvesh Verma; key contests to watch out
Bank holidays in February 2025: Check if banks are open or closed on February 8?