FinSpy
STATUS:
Active
TYPE:
Backdoor, Trojan, Rootkit, Bootkit
DISCOVERY:
2011
TARGETED PLATFORMS:
Windows, OS X, Linux, Android, iOS, Windows Mobile, Symbian, BlackBerry
FIRST KNOWN SAMPLE:
2007
NUMBER OF TARGETS:
101-500
TOP TARGETED COUNTRIES:
Germany, Vietnam, Russia, Mongolia, China, USA, Cambodia, Japan, Indonesia, Lao People's Democratic Republic
THE WAY OF PROPAGATION
Social engineering
Physical access to computers
Access to network connections
PURPOSE/FUNCTIONS
Surveillance
SPECIAL FEATURES
“Business-to-government” malware
Tries very hard to avoid detection
Logs incoming and outgoing calls
Makes concealed calls to eavesdrop on the target's surroundings
Steals information from smartphones (call logs, text and media messages, contacts, etc.)
Tracks coordinates
TARGETS
Activists
Criminal suspects
ARTEFACTS/ATTRIBUTION
The FinSpy (FinFisher) software is sold by the UK-based company Gamma Group
MORE INFO
The blog post and research paper are available at Securelist.com