
ESET finds that Internet providers may well be involved in latest FinFisher surveillance campaigns

September 2017 by ESET

ESET researchers have detected surveillance campaigns utilizing a new variant of
FinFisher, the infamous spyware also known as FinSpy. Seven countries are
affected (to avoid
putting anyone in danger, ESET will not name them) and in two of them, major
internet providers have most likely been involved in infecting the targets of
surveillance.

“In two of the campaigns, the spyware has been spread via a man-in-the-middle
attack and we believe that major internet providers have played the role of the man
in the middle,” explains Filip Kafka, the ESET Malware Analyst who conducted the
research.

FinFisher is spyware marketed as a law enforcement tool and sold to governmental
agencies around the world. It is also believed to have been used by oppressive
regimes.

FinFisher spyware has extensive spying capabilities, such as live surveillance
through webcams and microphones, keylogging, and exfiltration of files. It has
received a number of improvements in its latest version, aimed at improving its
spying capabilities, staying under the radar and preventing analysis. The most
important innovation, however, is the way in which the surveillance tool is
delivered to targeted computers.

When a targeted user is about to download one of several popular applications such
as WhatsApp, Skype or VLC Player, they are redirected to the attacker’s server.
There, they are served a trojanized installation package infected with FinFisher.

“During the course of our investigations, we found a number of indicators that
suggest the redirection is happening at the level of a major internet provider’s
service,” comments Filip Kafka.

According to Kafka, these campaigns are the first where the probable involvement of
a major internet provider in spreading malware has been publicly disclosed. “These
FinFisher campaigns are sophisticated and stealthy surveillance projects,
unprecedented in their combination of methods and reach.”

For further details, read Filip Kafka’s article at ESET’s security blog,
WeLiveSecurity.com.

In the past, WeLiveSecurity.com has published a number of articles on FinFisher-based campaigns.

