Barcelona-based spyware startup Variston may be on the brink of closing, as high employee turnover and growing scrutiny continue to plague the company. Researchers from Google’s Threat Analysis Group recently identified Variston as the source of malicious code that targeted Chrome, Firefox, and Microsoft Defender. Known as Heliconia, this exploitation framework was initially sent to Google in 2021. It was later found that a disgruntled employee was responsible for revealing Variston’s secrets.
Scandal followed Variston as incarnations of their spyware were discovered being used in the United Arab Emirates and against iPhone users in Indonesia. Over the past year, several employees have left the company, breaking their silence on the condition of anonymity due to nondisclosure agreements. Inside sources argue that the beleaguered company is now winding down operations.
Variston was part of a larger surge in the Western-based spyware industry that gained momentum in the early 2010s. Companies like Hacking Team, FinFisher, and NSO Group profited from supplying surveillance tools to regimes with questionable human rights records. Variston, however, operated mostly under the radar, refraining its employees from disclosing their affiliation publicly.
Variston was established in Barcelona in 2018 by Ralf Wegener and Ramanan Jayaraman. At its peak, the company housed approximately 100 employees and produced spyware targeting a range of operating systems, from Windows PCs to iOS and Android devices. However, the company’s secrecy policy extended even to their employees, who alleged that Variston’s primary, if not only, customer was United Arab Emirates-based cybersecurity company, Protect.
Sources revealed that Protect’s significant funding played a key role in keeping Variston afloat. The financial arrangement collapsed in 2023 when Protect cut its funding and pressured Variston employees to relocate to Abu Dhabi. This funding setback combined with most employees’ refusal to move precipitated Variston’s apparent demise.
While Protect maintains a low public profile similar to Variston’s, researchers believe it repackages spyware, such as Variston’s Heliconia, for direct or brokered sales to government customers. Protect, an offshoot of revealed UAE company DarkMatter, continues to provide the UAE government with covert access to foreign cybersecurity technology.
Source: Spyware startup Variston is losing staff — some say it’s closing.
