A recently discovered commercial tool can be purchased by cyber attackers, and used against users who have not updated their Google Chrome and Mozilla Firefox web browsers — and ironically, the Microsoft Defender security suite — to spy on them. The tool, called ‘Heliconia’, was recently discovered and disclosed by Google’s independently licensed Threat Analysis Group (TAG), and is seemingly among a new crop of commercial malware that can be used for cyber espionage and surveillance.
The tool, unlike many other vulnerabilities that are regularly reported by Google TAG, is an “n-day” exploit — suggesting that the spyware (malware designed specifically for espionage) has been previously seen and reported by cyber security organisations around the world. Such an exploit also refers to tools for which companies have already issued patches.
However, the more important part of this spyware is that it is a commercially available one. This suggests that any attacker with intent can simply purchase the spyware from a vendor, and use it for targeted hacking campaigns. Spyware campaigns and cyber espionage, while having become increasingly commonplace nowadays, could still be among the most critical cyber flaws — since they are typically always targeted in nature, and attempt to breach personal, sensitive data belonging to a particular user, or a group of users.
The only way to really stay safe from the Heliconia spyware would be to make sure that all the software that you use — including the ones mentioned above — are regularly updated to their latest versions.
A lack of general awareness around cyber security, and the need to have the most updated versions of any software in use, have often been cited by cyber security experts as a key reason why users face cyber attacks. US tech and telecom services firm Verizon’s 2022 Data Breach Investigation report stated that 82% of all breaches occur due to a ‘human element’ being involved in the process — be it in the clicking of a malicious link, or, as in this case, using software that does not have the latest security patch from a company.