Windows 10: Google discovers a Windows exploit that points to distribution of spyware

Google’s in-house Threat Analysis Group has recently uncovered an exploit framework that takes advantage of vulnerabilities in web browsers and other system utilities. TAG has also linked the exploit framework to a Spanish software company based in Barcelona. The exploit framework is known to target vulnerabilities in Microsoft Defender, Google Chrome, and Mozilla Firefox.

TAG is primarily one of Google’s expert-led lines of defense against state-sponsored attacks. However, TAG also keeps tabs on companies that let governments spy on political and moral opponents, dissidents, and journalists using tools of the surveillance trade. Officially, the Barcelona-based company claims to be nothing more than a custom security solution provider. However, the truth seems to be much more sinister. According to Google, this Spanish software company is one such commercial vendor of surveillance.

‘Continuing this work, today, we're sharing findings on an exploitation framework with likely ties to Variston IT, a company in Barcelona, Spain that claims to be a provider of custom security solutions.’

These are the sentiments of TAG’s Benoit Sevens and Clement Lecigne who recently addressed the team’s findings. TAG also stated that ‘Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools necessary to deploy a payload to a target device.’



As TAG found, the exploit framework has three main components:

• Heliconia Noise: A Web framework that deploys renderer bug exploits. The framework then installs malevolent agents on the target system by deploying a Chrome sandbox escape.
• Heliconia Soft: A second web framework that carries a PDF payload that contains the Windows Defender exploit currently tracked as CVE-2021-42298.
• Heliconia Files: A set of exploits for Windows and Linux that target Firefox. One of these is currently being tracked as CVE-2022-26485.

Yesterday, TAG stated that The growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws; they are often used in harmful ways to conduct digital espionage against a range of groups. These abuses represent a serious risk to online safety, which is why Google and TAG will continue to take action against, and publish research about, the commercial spyware industry.’

In other related news, Google is apparently developing tech to replace internet cookies.

Thank you for being a Ghacks reader. The post Google discovers a Windows exploit that points to distribution of spyware appeared first on gHacks Technology News.

read more...

 

Security Flaw Discovered in Google Toolbar

A security flaw has been discovered in Google's Toolbar which could allow criminals to steal data or install malicious software onto people’s computers. The flaw works by exploiting the toolbar’s ability to install new buttons, and allows a hacker to potentially disguise malicious code as a legitimate button due to the fact that the toolbar does not perform adequate checks when buttons are being installed. To become a victim of the vulnerability, a user would have to be tricked into clicking a link which would open a new popup window asking them to install a custom button, which appears to be installed from a legitimate site such as Google. It then needs to be run from the toolbar, and a user would have to agree to downloading and running an executable. Given the number of steps involved, the flaw is not being treated as critical, and Google is already working on a fix for the problem.

Source: Yahoo! News

 

How Windows was exploited in 2014

Read more:

• How Windows was exploited in 2014 | ZDNet
• Windows exploitation in 2014

 

distribution lists

What are the Third Party Apps you would suggest? Would they work with Outlook App on an Android?

I'm looking to set up distribution lists on my cell phone.