New: Google says Variston IT, a Barcelona-based spyware vendor, is behind an exploitation framework that exploited zero-day flaws in Chrome, Firefox and Windows Defender as far back as 2018.

My colleague @carlypage has more: https://techcrunch.com/2022/11/30/variston-spyware-chrome-firefox-windows/

Google said it obtained the exploit framework via a bug report, and found it contained a script that is designed to remove references to Variston developer alias and server names from the malware binaries.

It's funny because in trying to opsec, the spyware vendor opsec'd badly. Whoops!

Variston left behind descriptions of the exploits in the code, like:

"Windows 10 x64: 1-Click Full Chain for Google Chrome without Persistence" — and — "Windows Chrome & Chromium Edge 1-click chain without persistency reaching SYSTEM integrity."

When reached by email, Variston director Ralf Wegner told TechCrunch it "would be surprised if such [sic] item was found in the wild."

More: https://techcrunch.com/2022/11/30/variston-spyware-chrome-firefox-windows/

@zackwhittaker OMG. How did they think this was a good idea at all?