Linux and macOS Versions of Commercial "Malware" FinSpy Found Online by Amnesty International

Silviu STAHIE

October 01, 2020

Amnesty International revealed the existence of Linux and macOS variants of FinSpy, a commercially available spy suite used extensively by threat actors, as well as by law enforcement agencies and governments around the world.

Criminals are not responsible for all spyware, and FinSpy is just one example of a commercial product built to perform the same tasks. The only difference is that governments are the usual clients. Unfortunately, these tools sometimes fall into the wrong hands and can be used aggressively by hackers or state actors looking to crack down on the opposition.

FinFisher GmbH has been making the software for more than a decade, and Amnesty International has been tracking its use worldwide. In a recent investigation, it found that a group named NilePhish was using this software to go after Egyptian human rights defenders and the staff of media and civil society organizations.

The software was disguised as a Flash Player update that served as a dropper for the FinSpy installer. The application can intercept encrypted communication and data, install other software on target computers or mobile devices, and much more. Now, new versions designed for Linux and macOS have appeared online, but research shows a different group is likely behind them.

“In the fall of 2019, while investigating recent versions of FinSpy following the discovery of its use by NilePhish, we identified additional FinSpy samples through the malware research platform VirusTotal hosted at a server located at the IP address 158.69.105[.]207,” says Amnesty International. “We believe this server has no relation to NilePhish and belongs to a different FinSpy operator.”

A few indicators of compromise derived from the Amnesty International investigation are available as well, for all the platforms the application runs on. A good security solution would not differentiate between regular malware and commercial versions.
