silversurfer
Security researchers from Kaspersky Lab have discovered new and improved versions of the FinFisher spyware.
The new versions, which target Android and iOS phones, have been in use since 2018, and the most recent FinFisher implants have been discovered active as late as last month, in Myanmar, a country in the midst of multiple human rights abuse scandals.
The upgraded FinFisher (FinSpy) versions are now capable of collecting and exfiltrating a wide array of personal data from infected phones, such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, and data from the phone's RAM. Furthermore, the samples can also record phone calls and dump images and messages from popular instant messaging clients.
FinFisher has always had implants for both desktop and mobile operating systems, but these new versions targeting smartphones put the mobile implants on par with the more advanced desktop versions.
According to a technical analysis of the new samples by Kaspersky, the Android and iOS versions have nearly identical capabilities, with a few differences here and there with regard to infection methodology and supported IM clients.
Per the Russian antivirus vendor, the Android IM clients from which FinFisher can dump and steal chats, pictures, videos, and contacts, include Facebook Messenger, Skype, Signal, BlackBerry Messenger, Telegram, Threema, Viber, WhatsApp, Line, and InstaMessage.
On iOS, supported clients are Facebook Messenger, Skype, Threema, Signal, InstaMessage, BlackBerry Messenger, but also WeChat. Furthermore, on iOS, the new FinFisher version can also record VoIP calls made through IM clients, such as WhatsApp, Skype, Line, Viber, WeChat, Signal, BlackBerry Messenger, and KakaoTalk.