Google researchers said on Wednesday they have linked a Barcelona, Spain-based IT company, Variston IT, to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender.
According to a report from Google’s Threat Analysis Group, Variston sells another product not mentioned on its website: software frameworks that provide everything a customer needs to surreptitiously install malware on devices they want to spy on.
The researchers are disclosing their findings in an attempt to disrupt the market for spyware, which they said is booming and poses a threat to various groups.
The vulnerabilities, which Google, Microsoft, and Mozilla patched in 2021 and early 2022, are assessed to have been used as zero-days before those fixes shipped, giving customers a way to install malware of their choice on targeted systems.
Heliconia Soft is a web framework engineered to deliver a decoy PDF document carrying an exploit for CVE-2021-42298, a remote code execution flaw in Microsoft Defender's malware scanning engine that Microsoft fixed in November 2021. The infection chain entails the user visiting a malicious URL, which then serves the weaponized PDF. Because the flaw sits in the scanning engine rather than in a PDF reader, the decoy only has to reach the disk and be scanned; the engine is updated automatically, so the relevant check for defenders is the installed engine version rather than the monthly OS patch level.
Tools such as Heliconia can be leveraged by threat actors to target individuals and organizations. Meta's investigation into the surveillance-for-hire industry found that private-sector surveillance is a large and growing market, and Meta notified roughly 50,000 users it believed had been targeted in 2021.
“TAG’s research has shown the proliferation of commercial surveillance and the extent to which commercial spyware vendors have developed capabilities that were previously only available to governments with deep pockets and technical expertise,” Google TAG researchers Clement Lecigne and Benoit Sevens noted.