Google revealed the existence of Variston, a previously unknown spyware vendor, in November 2022.
Google researchers now say they have observed hackers using Variston’s tools in the United Arab Emirates.
Google’s Threat Analysis Group said in a report published on Wednesday that it discovered hackers targeting people in the UAE who used Samsung’s native Android browser, which is a customised version of Chromium.
The hackers used a chain of vulnerabilities delivered through one-time web links sent to the targets by text message.
It is unknown who is responsible for the hacking campaign or who the victims are.
Variston was founded by Ralf Wegener and Ramanan Jayaraman, according to Intelligence Online, an online news publication covering the surveillance industry.
According to Spanish business records, the two each owned half of the company in 2018.
Variston is based in Barcelona, Spain. It acquired the Italian zero-day research company Truel in 2018, according to business registration records in Italy.
Amnesty International’s Security Lab discovered the hacking campaign in the UAE.
Amnesty International stated in a press release that the campaign has been active since at least 2020 and has targeted both mobile phones and computers.
According to Amnesty International, the exploits were delivered by a network of over 1,000 malicious domains, “including domains spoofing media websites in multiple countries.”
The organisation also stated that it found traces of the campaign in Indonesia, Belarus, the United Arab Emirates, and Italy, but that these countries “likely represent only a small subset of the overall attack campaign based on the extensive nature of the wider attack infrastructure.”