On November 30, a Barcelona-based Spanish company, Variston IT, was accused of being tied to an exploitation framework. An exploitation framework is code that takes advantage of a search engine’s vulnerability to override security measures. This specific framework targets Firefox, Chrome, and Windows Defender. Google’s Threat Analysis Group (TAG) detected the framework and flagged its possible links to Variston IT.
Google counts possible threats to cybersecurity using a bug bounty program. This program received an anonymous submission that had detected three different types of bugs, all of which were tied to the framework. An investigation has since been opened to understand how the spyware works and the potential ramifications that it could have.
Since May 2022, there has been a surge in commercial spyware all over Europe, with limited oversight from the European Union. This is potentially dangerous considering how it is being used to gather information on EU officials and other high-ranking members of organizations. Spyware technology has been used on activists, lobbyists, politicians, and lawmakers in order to gather intel on potential projects and deals that they might be working on in relation to their governments. In fact, EU member states have purchased spyware products. The main issue is with the unregulated use of this spyware and how it must comply with EU law. Even though it is legal to employ spyware, the extent to which digital espionage causes harm cannot be measured. The commercial use of it has become a problem too, as companies are willing to sell to anyone who will pay.
Variston IT claims to provide custom security solutions and protection to users, in contradiction to recent findings. The framework has been given the overarching name “Heliconia”, and one of its branches is referred to as “Heliconia Soft”. This peculiar branch can deploy a PDF that, without the user knowing, exploits a Windows Defender (the search engine) vulnerability to enter the target. With this type of invasive technology, a simple internet search has the potential to lead to expansive personal data exposure.
Digital surveillance is increasing in popularity as a new means to seek information. Its recent amplified use creates a huge security risk for users around the world. While Variston IT has recently been under fire, the company is not the first case of a spyware vendor in Europe. Another spyware that has been on the rise in Europe is “Pegasus”. Euronews reported that mobile phones belonging to Spain’s Prime Minister and Defense Minister were infected by Pegasus spyware last year.
The escalation of surveillance has led to digital espionage, which external actors are struggling to control. The commercial spyware industry is full of technical capabilities, which most often cannot be closely watched and therefore leads to abuses. Moreover, it was discovered that spyware is being developed in several EU countries such as Italy, Germany, and France. The question remains as to whether companies will be found liable for their actions or if they will continue to use frameworks to their advantage and proceed undetected.
Cover image by: NordVPN