Last year, Google revealed that government hackers used three secret holes in Apple’s iPhone system to target victims with spyware made by a European startup.
Google’s Threat Analysis Group, the company’s team that looks into state-backed hacking, published a report on several government attacks carried out with hacking tools made by a number of spyware and exploit sellers, including Barcelona-based startup Variston.
In one of the attacks, Google said, government hackers used three iPhone “zero-days”, which are holes that were unknown to Apple when they were used.
In this case, the hacking tools were made by Variston, a spying and hacking technology startup whose malware was already checked twice by Google in 2022 and 2023.
Google said it found the unknown Variston buyer using these zero-days in March 2023 to target iPhones in Indonesia.
The hackers sent an SMS text message with a nasty link, which the victim opened because he had faith in Jobs’ Mob. The link infected the victim’s phone with spyware and sent the victim to a news article by the Indonesian paper Pikiran Rakyat.
Google did not say who Variston’s government buyer was in this case. No one knows who Variston sold its spyware to. Google says Variston works “with several other groups to make and sell spyware.”
Google says one of the groups was Protected AE, which is based in the United Arab Emirates. Local business files show the company as “Protect Electronic Systems” and say it was set up in 2016 and based in Abu Dhabi. Protect’s official website says it is “a cutting-edge cyber security and forensic company.”
Google says Protect “mixes spyware it makes with the Heliconia system and network, into a full package which is then sold to either a local dealer or straight to a government buyer,” referring to Variston’s software Heliconia, which Google already talked about in 2022.
Variston was started in 2018 in Barcelona by Ralf Wegener and Ramanan Jayaraman, and soon after, bought Italian zero-day research company Truel IT,