Serviceteam IT Security News

A new version of the advanced malicious surveillance tool, FinSpy, has been observed stealing information from global governments, law enforcement and NGOs, according to new research from Kaspersky.

“The new implants work on both iOS and Android devices and can monitor activity on almost all popular messaging services, including encrypted ones, and hide their traces better than before,” the July 10 press release said.

The implants are able to hide signs of jailbreak on iOS and gain root privileges on an unrooted Android device. “The Android implant has similar functionality to the iOS version, but it is also capable of gaining root privileges on an unrooted device by abusing the DirtyCow exploit, which is contained in the malware. FinSpy Android samples have been known for a few years now. Based on the certificate data of the last version found, the sample was deployed in June 2018,” researchers wrote.

A highly effective software tool used for targeted surveillance, FinSpy is being used by operators who tailor the behavior of each malicious implant to a specific target or group of targets, allowing attackers to steal information from devices the world over. Several dozen devices have reportedly been infected over the past year.

“The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly change their malicious programs to avoid their operation being blocked by fixes,” said Alexey Firsh, security researcher at Kaspersky, in the press release. 

“Moreover, they follow trends and implement functionality to exfiltrate data from applications that are currently popular. We observe victims of the FinSpy implants on a daily basis, so it’s worth keeping an eye on the latest platform updates and install them as soon as they are released. Regardless of how secure the apps you use might be, and how protected your data, once the phone is rooted or jailbroken, it is wide open to spying.”

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!