Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Linux and macOS Versions of Commercial ‘Malware’ FinSpy Found Online by Amnesty Inte
#1
https://hotforsecurity.bitdefender.com/b...7ctw%7CH4S      Linux and macOS Versions of Commercial ‘Malware’ FinSpy Found Online by Amnesty International
2 days ago
2 Min Read      Amnesty International revealed the existence of Linux and macOS variants of FinSpy, a commercially available spy suite used extensively by threat actors, as well as law enforcement agencies and government from around the world.

Criminals are not responsible for all spyware, and FinSpy is just one example of a commercial solution aiming at fulfilling the same tasks. The only difference is that governments are the usual clients. Unfortunately, these tools sometimes fall into the wrong hands and can be used aggressively by hackers or state actors looking to crack down on the opposition.

FinFisherGmbh has been making the software for more than a decade, and Amnesty International has been tracking its use worldwide. In a recent investigation, they found a group named NilePhish was going after Egyptian human rights defenders and media and civil society organizations staff using this software.

The software was disguised as a Flash player update, used as a dropper for the FinSpy installer. The application can intercept encrypted communication and data, install other software on target computers or mobile devices, and much more. Now, new versions designed for Linux and macOS have appeared online, but research shows a different group is likely behind it.

“In the fall of 2019, while investigating recent versions of FinSpy following the discovery of its use by NilePhish, we identified additional FinSpy samples through the malware research platform VirusTotal hosted at a server located at the IP address 158.69.105[.]207,” says Amnesty International. “We believe this server has no relation to NilePhish and belongs to a different FinSpy operator.”

A few indicators of compromise derived from the Amnesty International investigation are available as well, for all the platforms the application runs on. A good security solution would not differentiate between regular malware and commercial versions.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  I review security software for a living and I just found a new way to stop online sca mrtrout 0 1,309 01-06-2024 , 04:30 AM
Last Post: mrtrout
  Malware found in npm package with millions of weekly downloads mrtrout 0 726 10-23-2021 , 08:53 AM
Last Post: mrtrout
  Amnesty International links cybersecurity firm to spyware operation mrtrout 0 724 10-11-2021 , 10:02 PM
Last Post: mrtrout
  8 New Android Apps Found Infected with Joker Malware mrtrout 0 917 06-22-2021 , 11:15 PM
Last Post: mrtrout
  Google funds Linux maintainers to boost Linux kernel security Bjyda 0 1,068 02-24-2021 , 11:39 PM
Last Post: Bjyda



Users browsing this thread: 1 Guest(s)