Months after a previously unattributed Android mobile spyware, dubbed Hermit, was linked to Italian software outfit RCS Lab, Variston IT, a Barcelona-based company, has been linked to an exploitation framework that enables spyware to be installed on targeted devices. Several 0-day vulnerabilities in Windows, Chrome and Firefox were targeted to plant spyware.
Google’s Threat Analysis Group (TAG) became aware of the so-called “Heliconia” exploitation framework. Clues in the source code suggested that Variston IT was likely the developer.
Heliconia comprises three separate exploitation frameworks:
Commercial spyware, like the Heliconia framework, contains capabilities that were once only available to governments. These capabilities include stealthily recording audio, making or redirecting phone calls and stealing data, such as text messages, call logs, contacts and granular GPS location data, from a target’s device.
Exercise caution when using devil's inventions. Clean your computer's history, cache and unsafe data. Do not allow evil to obtain information about sensitive projects. The use of mobile phones should be deliberate and in accord with safe practices to avoid compromise of personal information that is not outside of the Law.
1. December 2022