Google’s researchers said the spyware attack was revealed after they spotted an anonymous Chrome bug report that included instructions and source code with the names “Heliconia Noise,” “Heliconia Soft” and “Files.”
The discovery was made by Google’s Threat Analysis Group (TAG) which confirmed that its researchers had discovered the commercial spyware that is specifically designed to exploit vulnerabilities in Chrome and Firefox browsers.
The web framework, Heliconia Noise is used for deploying an exploit for a Chrome renderer bug followed by a sandbox escape; the second web framework, Heliconia Soft deploys a PDF containing a Windows Defender exploit while the third component, Files is a set of Firefox exploits for Linux and Windows OS systems.