Latest FinFisher (aka FinSpy) spyware upgrades 'particularly worrying,' says Kaspersky

guest · Sep 28, 2021

Latest FinFisher spyware upgrades 'particularly worrying,' says Kaspersky
September 28, 2021
https://www.theregister.com/2021/09/28/kasperky_finfisher_spyware_report/

Kaspersky has presented the findings of an eight-month probe into the FinFisher spyware toolset – including the discovery of a UEFI "bootkit" infection method and "advanced anti-analysis methods" such as "four-layer obfuscation."

FinFisher, also known as FinSpy, is a product from Anglo-German spy firm Gamma International and supplied exclusively to law enforcement and intelligence agencies for use as a surveillance tool.
Click to expand...

The toolkit receives frequent updates to evade detection and add new functionality, with Kaspersky having previously investigated a 2019 update which boosted its spying capabilities to include chat, physical movement, microphone, and camera access, alongside locally stored data capture and exfiltration.

In Kaspersky's latest report on the tool, the company's research team claimed that Gamma International has been working on hiding the tool from anti-malware detection and even professional analysis.

"Unlike previous versions of the spyware, which contained the Trojan in the infected application right away, new samples were protected by two components: non-persistent Pre-validator and a Post-Validator," the report said.
Click to expand...

"UEFI infections are very rare and generally hard to execute, they stand out due to their evasiveness and persistence," the researchers claimed.

"I believe complex threats such as FinFisher demonstrate the importance for security researchers to cooperate and exchange knowledge," Kuznetsov concluded, "as well as invest in new types of security solutions that can combat such threats."
Click to expand...

Kaspersky: FinSpy: unseen findings

Rasheed187 · Oct 3, 2021

It didn't became clear to me how they can infect the UEFI, can this be blocked somehow? For example, some anti-malware tools like HMPA and AppCheck block modification of the MBR in order to protect against certain types of ransomware. And of course Secure Boot should normally also protect against bootkits.

Log in or Sign up

Latest FinFisher (aka FinSpy) spyware upgrades 'particularly worrying,' says Kaspersky

guest Guest

Rasheed187 Registered Member

Log in or Sign up

Latest FinFisher (aka FinSpy) spyware upgrades 'particularly worrying,' says Kaspersky

guest Guest

Rasheed187 Registered Member

Useful Searches