Windows 10 News and info | Forum
November 19, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: New FinFisher spyware used to spy on iOS and Android users in 20 countries  (Read 204 times)
javajolt
Administrator
Hero Member
*****
Online Online

Gender: Male
United States United States

Posts: 30713


I Do Windows


WWW Email
« on: July 13, 2019, 06:56:34 PM »
ReplyReply

Experts at Kaspersky have discovered a new improved variant of the FinFisher spyware used to spy on both iOS and Android users in 20 countries.

According to the experts, the new versions have been active at least since 2018, one of the samples analyzed by Kaspersky was used last month in Myanmar, where local government is accused of violating human rights.

“According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019.” reads the report published by Kaspersky. “Late in 2018, experts at Kaspersky looked at the functionally latest versions of FinSpy implants for iOS and Android, built in mid-2018.”

The new variants of FinFisher implement a broad range of feature to collect data from infected mobile phones, including SMS/MMS messages, emails, calendars, GPS location, photos, and data from the RAM memory of the device.

Of course, the samples can also record phone calls and record VoIP calls via popular apps, including Skype or WhatsApp.

The implant analyzed by the experts contained binary files for ARMv7 and ARM64 CPU architectures. This is very important if we consider that iOS 11 is the first iOS OS version that does not support ARMv7 any more.

Experts pointed out that the new FinFisher implant for iOS doesn’t support the latest iOS 12.x.



Android and iOS versions use different infection techniques, for example, FinSpy for iOS does not provide infection exploits for its customers. An attacker could jailbreak the device if it has physical access to it. For jailbroken devices, the attackers could use SMS message, email, and WAP Push as an infection vector.
The Android version of the implant is also capable of gaining root privileges on an unrooted device by exploiting the DirtyCow exploit.

Both versions can spy on communications through Facebook Messenger, Skype, Signal, BlackBerry Messenger, Telegram, Threema, Viber, WhatsApp, Line, InstaMessage, and more.

“FinSpy developers are constantly working on the updates for their malware. At the time of publication, Kaspersky researchers have found another version of the threat and are currently investigating this case.” concludes the analysis.

“A full set of IOCs, including YARA rules, is available to customers of the Kaspersky Intelligence Reporting service. For more information, contact intelreports@kaspersky.com“

source
Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page August 24, 2019, 03:14:31 PM