The technology company Google has reported a spyware attack in the United Arab Emirates (UAE), using spyware tools from the Spanish company Variston. The report was released by Google’s Threat Analysis Group (TAG) on Wednesday, March 29, 2023. This attack calls into question online security and user privacy in the region.
Details of the attack
The attack targeted people using Samsung’s native Android browser, which is a customized version of Chromium. The hackers used a set of vulnerabilities chained together and delivered via unique web links sent to targets via text message. Two of the vulnerabilities used in the attack were zero-days, meaning they had not been reported to the software vendor and were unknown at the time. If a target clicked on the malicious web links, they would be directed to a landing page “identical to the one TAG examined in the Heliconia framework developed by commercial spyware vendor Variston.”
Possible relationship between hackers and Variston
According to Google, “the actor using the exploit chain to target users in the United Arab Emirates may be a Variston customer or partner, or may be working closely with the spyware vendor.” In other words, a possible relationship between the hackers and the Spanish company is suggested.
Impact of the attack
It is unknown who the victims of the attack are or what its scope is. According to Google, TAG observed around 10 malicious web links in circulation. It is possible that some of the links redirected to StackOverflow after the exploit and may have been test devices for the attacker. TAG also observed the attack on iPhone users in Italy, Malaysia and Kazakhstan, using a zero-day bug patched by Apple in November.
Amnesty International also detected the attack, noting that it has been active since at least 2020, attacking both mobile phones and computers. Amnesty said it observed the exploits being delivered by a network of more than 1,000 malicious domains “including spoofed domains from media websites in multiple countries.”
About Variston
Variston is a company based in Barcelona, Spain, that specializes in creating surveillance software. According to business records in Spain, the company's founders are Ralf Wegener and Ramanan Jayaraman, who each owned half of the company in 2018. In 2018, Variston acquired Italian zero-day research company Truel, according to business registration records in Italy.
Wider Implications
Google's report highlights the danger of the commercial spyware industry and the existence of vulnerabilities not reported to software vendors, even among smaller companies in the sector. In addition, techniques and exploits can spread among spyware vendors, increasing the risk of malicious attacks.
Spyware and attacks on online privacy and data security are a growing concern around the world. Ordinary citizens, as well as businesses and governments, are at risk of being targeted by malicious attacks. It is necessary to take measures to improve the security and protection of online data, including the implementation of more advanced and updated security systems.
More information is available at blog.google.