Windows, Chrome and Firefox zero-days exploited to spread malware

TechRadar
decembar 01
Podijeli post

Cybersecurity researchers from Google’s Threat Analysis Group (TAG) are saying that a commercial company from Spain developed an exploitation network (otvara se u novoj kartici) for Windows, Chrome, and Firefox, and likely sold it to government entities sometime in the past.

In a blog post published earlier this week, the TAG team says that a Barcelona-based company called Variston IT is likely tied to the Heliconia framework, which exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender (otvara se u novoj kartici). It also says the company likely provided all the tools needed to deploy a payload to a target endpoint (otvara se u novoj kartici).

No active exploitations

All the affected companies had fixed the vulnerabilities that were exploited through the Heliconia framework in 2021 and early 2022, and given that TAG did not find any active exploitations, the framework was most likely used on zero-days. Still, to fully protect against Heliconia, TAG suggests all users to keep their software up to date.

Google was first alerted to Heliconia via an anonymous submission to the Chrome (otvara se u novoj kartici) bug reporting program. Whoever filed the submission added three bugs, each with instructions and an archive with the source code. They were named “Heliconia Noise”, “Heliconia Soft”, and “Files”. Further analysis has shown that they contained “frameworks for deploying exploits in the wild” and that the source code pointed to Variston IT.

Heliconia Noise is described as a framework for deploying an exploit for a Chrome renderer bug, followed by a sandbox escape. Heliconia Soft, on the other hand, is a web framework that deploys a PDF containing an exploit for Windows Defender, while Files is a set of Firefox (otvara se u novoj kartici) exploits found on both Windows and Linux.

Given the fact that the Heliconia exploit works on Firefox versions 64 – 68, it was likely in use in late 2018, Google suggests.

Speaking to TechCrunch, Variston IT director Ralf Wegner said the company wasn’t aware of Google’s research and couldn’t validate the findings, but added that he’d be “surprised if such item was found in the wild.”

Commercial spyware (otvara se u novoj kartici) is a growing industry, Google says, adding that it won’t stand idly as these entities sell vulnerability exploits to governments who later use it to target political opponents, journalists, human rights activists, and dissidents.

Perhaps the most famous example is the Israeli-based NSO Group and its Pegasus spyware, which landed the company on the United States’ blacklist.

Via: TechCrunch (otvara se u novoj kartici)

izvor

Prethodni post

Windows, Chrome and Firefox zero-days exploited to spread malware

No active exploitations

Softver koji morate imati u 2024

Top kategorije

Latest reviews

Samsung Galaxy Z Flip 5 Teaser Video, uoči Galaxy Unpacked događaja, pokazuje novi dizajn šarki, opcije boja

Twitter ograničava broj DM poruka koje neprovjereni korisnici mogu poslati

Moj omiljeni Android telefon može raditi stvari koje moj iPhone 14 Pro Max ne može

ChatGPT za Android počinje sljedeće sedmice, a sada se možete unaprijed registrovati

Xiaomi Smart TV 32A, Smart TV 40A, Smart TV 43A sa Google TV-om, 20W zvučnici lansirani u Indiji: : Cijena, specifikacije

Ova jestiva baterija mogla bi napajati svijet dijagnostike i održive energije