Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Amazon will stop accepting new customers for Mechanical Turk

5 office gadgets that can make your work day better

What are bending spoons? The little-known owner of AOL and Vimeo who is now public

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026

    Midjourney wants Hollywood studios to reveal the details of their use of artificial intelligence

    5 July 2026

    What is Mistral AI? Everything you need to know about the OpenAI competitor

    4 July 2026

    Anthropic is discussing a new custom chip with Samsung

    3 July 2026
  • Apps

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026

    Travel app Hopper to pay $35 million in FTC settlement over ‘unfair’ hidden fees

    3 July 2026

    Meta quietly launches vibe-encoded Pocket gaming app

    3 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026

    Ashton Kutcher is leaving Sound Ventures to start a new VC firm with Morgan Beller

    2 July 2026

    Flipper’s new Busy Bar is a customizable display for productivity

    30 June 2026
  • Media & Entertainment

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026
  • Security

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026

    Cellebrite said it cut off Russia, but Russia used its tools anyway

    26 June 2026
  • Startups

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026

    Indian tech tycoon bets $30 million of his own money to build AI alternative to Microsoft Office

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Spyware startup Variston is shedding staff — some say it’s shutting down
Security

Spyware startup Variston is shedding staff — some say it’s shutting down

techtost.comBy techtost.com16 February 202408 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Spyware Startup Variston Is Shedding Staff — Some Say It's
Share
Facebook Twitter LinkedIn Pinterest Email

In July 2021, someone sent Google a bundle of malicious code that could be used to hack Chrome, Firefox, and computers running Microsoft Defender. This code was part of an exploit framework called Heliconia. And at the time, the exploits used to target these apps were zero-day, meaning software makers were unaware of the bugs, according to Google.

More than a year later, in November 2022, the Google Threat Analysis Group, the company’s group that investigates government-sponsored threats, published a blog post analyzing these exploits and the Heliconia framework. Google researchers concluded that the code belonged to Variston, a startup based in Barcelona that was unknown to the public.

“It was a huge crisis at the time, mainly because we had been under the radar for quite some time,” a former Variston employee told TechCrunch. “Everyone thought we would eventually be exposed if we were caught [in the wild]but instead he was a burglar.”

Another former Variston employee said the code was sent to Google by a disgruntled company employee, and that after it happened, Variston’s name and privacy were “burnt.”

Google continued to dig up the Variston malware. In March 2023, the tech giant’s researchers discovered that spyware manufactured by Variston was being used in Kazakhstan, Malaysia and the United Arab Emirates. Last week, Google reported that it found Variston hacking tools being used against iPhone owners in Indonesia.

Over the past year, more than half a dozen Variston employees have left the company, they told TechCrunch on condition of anonymity because they were not authorized to speak to the press due to non-disclosure agreements.

Now, according to four former employees and two people with knowledge of the spyware market, Variston is shutting down.

In the early 2010s, the public began to learn that there was a thriving market where Western-based companies such as Hacking Team, FinFisher and the NSO Group provided surveillance and hacking tools to countries and regimes around the world with dubious or poor human rights records such as Ethiopia, Mexico, Saudi Arabia, the United Arab Emirates and many others.

Since then, digital and human rights organizations such as Citizen Lab and Amnesty International have recorded dozens of cases where government customers of these spyware makers used these tools to hack and spy on journalists, dissidents and human rights defenders.

In recent years, the offensive security industry has become more public and normalized. Some of these spyware makers and exploit developers openly advertise their services online, their employees reveal where they work on social media, and there are some popular security conferences that openly cater to this industry, such as OffensiveCon and HexaCon.

Variston, however, has always tried to fly under the radar.

The only public facing company information is a barebones website where he vaguely describes what he does.

“Our toolset is based on the vast cumulative experience of our consultants. It supports the discovery of digital information from [law enforcement agencies],” says Variston’s website, in its only brief mention of its work as a spyware and exploit developer for government agencies.

Variston banned employees from disclosing where they work, not only on LinkedIn, but also at cybersecurity conferences, according to former employees who spoke to TechCrunch.

Variston’s website. Image Credits: TechCrunch (screenshot)

According to Spanish business records seen by TechCrunch, Variston was founded in Barcelona in 2018, listing Ralf Wegener and Ramanan Jayaraman as founders and directors.

While its website lists another address in the city, Variston recently worked out of an office in Barcelona’s Poblenou neighborhood, inside a co-working space a block from the beach. In October, a spokesperson for the co-working space told TechCrunch that Variston was there and had been for a few years.

When TechCrunch visited Variston’s office this week, a fellow site representative claimed that Variston still works there. The representative offered to leave a message for Variston, saying that he was not there that day, but that he was in the building that week. Neither Wegener nor Jayaraman responded to multiple emails from TechCrunch seeking comment about Variston. An email to Variston’s public email address was not returned.

One of Variston’s first moves in 2018 was an acquisition Real IT, a small zero-day research startup in Italy, according to Italian business filings seen by TechCrunch. Since then, Variston has grown into a company of around one hundred employees. In addition to Heliconia, the company’s exploit framework for targeting Windows devices, Variston has also developed exploit and hacking tools targeting iOS and Android. Variston’s Android product was called Violet Pepper, according to former employees.

Even the founders of Truel IT, who moved to work at Variston, do not disclose Variston as an employer on their LinkedIn profiles.

According to former Variston employees, that level of secrecy also applied to the identity of the company’s customers — except for its special relationship with Protect, a company based in the United Arab Emirates city of Abu Dhabi.

“Variston was a supplier to Protect,” said a person with knowledge of Protect’s operations, who asked to remain anonymous because they were not authorized to speak to the press. “It was an important relationship for both of them for a while.”

The company’s work was “going to the UAE” and that Protect was “de facto the only customer”, according to former Variston employees.

Former employees told TechCrunch that Protect funded all operations at Variston, including the research and development side. A former Variston employee said that once Protect withdrew its development-side funding in early 2023, Protect tried to force Variston employees to relocate. Then, when research funding stopped later in the year, Variston “closed up shop,” the person said.

Contact us

Do you know more about Variston or Protect? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email. You can also contact TechCrunch via SecureDrop.

In early 2023, Protect asked all Variston employees to relocate to Abu Dhabi. This is where Variston began to unravel, as most of the Variston staff did not accept the proposal. The former employees said management gave them two options: “move to Abu Dhabi or be fired” and that there would be no exceptions.

Protect accounts as “a leading cybersecurity and forensics company.” Like Variston, Protect says little else on its website about what the company does.

But Google security researchers believe that Protect, also known as Protect Electronic Systems, “combines the spyware it develops with Heliconia’s framework and infrastructure into a complete package that is then offered for sale either to a local broker or directly to a government customer.

This would explain how Variston’s tools allegedly ended up being used in Indonesia, Kazakhstan and Malaysia.

According to Intelligence Onlinea trade publication covering the surveillance and intelligence industry, Protect was launched after DarkMatter, a controversial hacking company based in the United Arab Emirates, it was revealed that he had employed Americans which then helped the UAE government spy on dissidents, political opponents and journalists.

As of 2019, Protect was headed by Awad Al Shamsi and provided UAE government users with discreet access to foreign cyber technology, Intelligence Online reported. It is not known if Al Shamsi is still with Protect, and Al Shamsi did not respond to an email seeking comment. Protect did not respond to several other emails from TechCrunch.

Variston founders Wegener and Jayaraman also appear to have worked at Protect since at least 2016, according to public online files of encryption keys linked to their Protect email addresses seen by TechCrunch.

Wegener is a veteran of the spyware industry. According to Intelligence Online, Wegener runs several other companies, some based in Cyprus and co-owned by Jayaraman. Wegener worked for AGT, or Advanced German Technology, a surveillance provider founded in Berlin in 2001 with an office in Dubai. In 2007, along with Italian spyware maker RCS Lab, AGT worked with the Syrian government to develop a centralized real-time internet monitoring system across the country. according to reports based on leaked documents and research by the non-profit Privacy International. Ultimately, AGT did not provide the system to the Syrian government.

Five years after its founding, Variston is no longer a secretive startup.

Three former employees said Google’s 2022 report blew the lid off Variston’s privacy. One of the employees said that the Google report revealing Variston “may have been the beginning of the end” for the spyware maker.

But another former Variston employee said the company — like other spyware makers — would have been exposed eventually. “It’s bound to happen sooner or later,” the person said. “It’s quite normal.”

Natasha Lomas contributed reporting.

An earlier version of this report incorrectly attributed Google’s discovery of Variston’s tools to Italy, due to an error by the editor. ZW.

Android barista cyber security Google infosec shedding shutting Spyware staff startup surveillance Variston Windows Zero-days
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleKnock takes the pain out of creating notification workflows
Next Article This German non-profit organization is creating an open voice assistant that anyone can use
bhanuprakash.cg
techtost.com
  • Website

Related Posts

New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

4 July 2026

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026

Last chance to apply — Startup Battlefield Australia applications close on 6 July

3 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Amazon will stop accepting new customers for Mechanical Turk

6 July 2026

5 office gadgets that can make your work day better

6 July 2026

What are bending spoons? The little-known owner of AOL and Vimeo who is now public

5 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

Last chance to apply — Startup Battlefield Australia applications close on 6 July

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.