Google Moves to Block Invasive Spanish Spyware Framework

The commercial software industry has come under fire for selling tools to anyone who can pay, from governments to criminals around the world. There have been scandals and calls for reform across the European Union due to details of how spyware has been used to target activists, opposition leaders, lawyers, and journalists. One of the hacking tools that was blocked by the Threat Analysis Group was apparently developed by a Spanish company.

A series of anonymous submissions to the chrome bug reporting program led to the discovery of the exploitation framework. The disclosures pointed to exploitable vulnerabilities in browsers that could be used to install malicious software. The vulnerabilities heliconia noise, heliconia soft, and files were included in the submission. The evidence shows that the hacking framework was developed by a Barcelona-based tech firm.

According to the findings, we have a lot of small players within the industry, but with strong capabilities related to zero days.

WIRED did not get a response from Variston IT. According to the company's director, the company didn't give Variston the chance to review the research and couldn't verify it. He wouldn't be surprised if it was found in the wild. The company's standard practice in these types of investigations is to not contact Variston IT in advance of publication.

The Heliconia vulnerabilities were patched by Microsoft, Microsoft, and Mozilla. The framework was likely being used to exploit the flaws long before they were patched. Heliconia Noise, Heliconia Soft, and Files all had exploits for Windows and Linux. The research was done with members of the Project Zero bug-hunting group.

It is possible that the Heliconia framework is no longer active, but it is also possible that it has evolved. There are other exploits, a new framework, their exploits didn't cross our systems, or there are other layers now to protect their exploits.

The group wants to shed light on the commercial spyware industry's methods, technical capabilities, and abuses. The researchers emphasize that it's always important to keep software up to date and that TAG created detections for the Safe Browsing service to warn about Heliconia- related sites and files.

The internet is less safe because of the growth of the software industry. It is legal under national or international laws, but they are often used to conduct digital espionage against a range of groups.