Several 0-Day Vulnerabilities Exploited

Months after a previously unattributed Android mobile spyware, dubbed Hermit, was linked to the Italian software outfit RCS Lab, Variston IT, a Barcelona-based company, has been linked to an exploitation framework that enables spyware to be installed on targeted devices. Several 0-day vulnerabilities in Windows, Chrome and Firefox were targeted to plant spyware.

Google’s Threat Analysis Group (TAG) became aware of the so-called “Heliconia” exploitation framework. Clues in the source code suggested that Variston IT was likely the developer.

Heliconia comprises three separate exploitation frameworks:

  1. One that contains an exploit for a Chrome renderer bug that allows it to escape the app’s sandbox and run malware on the operating system.
  2. Another that deploys a malicious PDF document containing an exploit for Windows Defender, the default antivirus engine in modern versions of Windows.
  3. Another that contains a set of Firefox exploits for Windows and Linux machines.

Commercial spyware, like the Heliconia framework, contains capabilities that were once only available to governments. These capabilities include stealthily recording audio, making or redirecting phone calls, and stealing data such as text messages, call logs, contacts and granular GPS location data from a target’s device.

Exercise caution when using the devil's inventions. Clean your computer's history, cache and unsafe data. Do not allow evil to obtain information about sensitive projects. The use of mobile phones should be deliberate and in accord with safe practices, to avoid the compromise of personal information, within the bounds of the law.

uncore editorial
1 December 2022