Windows, Chrome and Firefox zero-day exploited to deliver malware
Cybersecurity researchers from the Google Threat Analysis Group (TAG) say that a commercial company from Spain has developed an exploitation framework for Windows, Chrome and Firefox and has likely sold it to government organizations in the past.
In a blog post published earlier this week, the TAG team said that a Barcelona-based company called Variston IT is likely tied to the Heliconia framework, which exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender. It also indicates the company may have provided all the tools necessary to deploy the payload on the target endpoint.
No active exploitation
All affected vendors fixed the vulnerabilities exploited through the Heliconia framework in 2021 and early 2022, and although TAG did not detect any active exploitation, it considers it very likely that the framework was used while these were still 0-day vulnerabilities. However, for complete protection from Heliconia, TAG recommends that all users keep their software up to date.
Google was first alerted to Heliconia through an anonymous submission to the Chrome bug reporting program. The submitter filed three bugs, each with instructions and a source code repository. They are named “Heliconia Noise”, “Heliconia Soft” and “Files”. Further analysis showed that they contain “frameworks for deploying exploits in the wild”, and the source code pointed to Variston IT.
Heliconia Noise is described as a framework for deploying a Chrome renderer bug exploit followed by a sandbox escape. Heliconia Soft, on the other hand, is a web framework that deploys PDF files containing an exploit for Windows Defender, while Files is a set of Firefox exploits for both Windows and Linux.
Google notes that the Heliconia Firefox exploit works on Firefox versions 64 to 68, suggesting it was likely in use by the end of 2018.
Speaking to TechCrunch, Variston IT Director Ralf Wegner said the company wasn’t aware of Google’s research and couldn’t validate the findings, but added that he would be “surprised if the item was found out in the wild”.
Commercial spyware, Google says, is a growing industry, and the company adds that it won’t stand idly by as these entities sell exploits to governments, who then use them to target political opponents, journalists, human rights activists and dissidents.
Perhaps the most famous example is the Israel-based NSO Group and its Pegasus spyware, which led to the company being blacklisted in the United States.
Via: TechCrunch