Linux and macOS Versions of Commercial "Malware" FinSpy Found Online by Amnesty International
Amnesty International revealed the existence of Linux and macOS variants of FinSpy, a commercially available spy suite used extensively by threat actors, as well as by law enforcement agencies and governments around the world.
Criminals are not responsible for all spyware, and FinSpy is just one example of a commercial solution built to perform the same tasks. The only difference is that governments are the usual clients. Unfortunately, these tools sometimes fall into the wrong hands and can be used aggressively by hackers or state actors looking to crack down on the opposition.
FinFisher GmbH has been making the software for more than a decade, and Amnesty International has been tracking its use worldwide. In a recent investigation, they found that a group named NilePhish was using this software to go after Egyptian human rights defenders and the staff of media and civil society organizations.
The software was disguised as a Flash Player update, which served as a dropper for the FinSpy installer. The application can intercept encrypted communication and data, install other software on target computers or mobile devices, and much more. Now, new versions designed for Linux and macOS have appeared online, but research shows a different group is likely behind them.
“In the fall of 2019, while investigating recent versions of FinSpy following the discovery of its use by NilePhish, we identified additional FinSpy samples through the malware research platform VirusTotal hosted at a server located at the IP address 158.69.105[.]207,” says Amnesty International. “We believe this server has no relation to NilePhish and belongs to a different FinSpy operator.”
A few indicators of compromise derived from the Amnesty International investigation are available as well, for all the platforms the application runs on. A good security solution would not differentiate between regular malware and commercial versions.