
Linux and macOS Versions of Commercial "Malware" FinSpy Found Online by Amnesty International

Silviu STAHIE

October 01, 2020

Amnesty International revealed the existence of Linux and macOS variants of FinSpy, a commercially available spy suite used extensively by threat actors, as well as by law enforcement agencies and governments around the world.

Criminals are not responsible for all spyware, and FinSpy is just one example of a commercial solution designed to perform the same tasks. The only difference is that governments are the usual clients. Unfortunately, these tools sometimes fall into the wrong hands and can be used aggressively by hackers or state actors looking to crack down on the opposition.

FinFisher GmbH has been making the software for more than a decade, and Amnesty International has been tracking its use worldwide. In a recent investigation, it found that a group named NilePhish was using this software to go after Egyptian human rights defenders and the staff of media and civil society organizations.

The software was disguised as a Flash Player update that served as a dropper for the FinSpy installer. The application can intercept encrypted communication and data, install other software on target computers or mobile devices, and much more. Now, new versions designed for Linux and macOS have appeared online, but research shows a different group is likely behind them.

“In the fall of 2019, while investigating recent versions of FinSpy following the discovery of its use by NilePhish, we identified additional FinSpy samples through the malware research platform VirusTotal hosted at a server located at the IP address 158.69.105[.]207,” says Amnesty International. “We believe this server has no relation to NilePhish and belongs to a different FinSpy operator.”

A few indicators of compromise derived from the Amnesty International investigation are available as well, for all the platforms the application runs on. A good security solution would not differentiate between regular malware and commercial versions.
