ESET finds internet providers may be involved in latest FinFisher surveillance campaigns

ESET researchers have detected surveillance campaigns utilizing a new variant of FinFisher, the infamous spyware also known as FinSpy. Seven countries are affected (to avoid putting anyone in danger, ESET will not name them) and in two of them, major internet providers have most likely been involved in infecting the targets of surveillance.

“In two of the campaigns, the spyware has been spread via a man-in-the-middle attack and we believe that major internet providers have played the role of the man in the middle,” explains Filip Kafka, the ESET Malware Analyst who conducted the research.

FinFisher is spyware marketed as a law enforcement tool and sold to governmental agencies around the world. It is also believed to have been used by oppressive regimes.

FinFisher spyware has extensive spying capabilities, such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. Its latest version has received a number of improvements aimed at enhancing its spying capabilities, staying under the radar and preventing analysis. The most important innovation, however, is the way in which the surveillance tool is delivered to targeted computers.

When a targeted user is about to download one of several popular applications such as WhatsApp, Skype or VLC Player, they are redirected to the attacker’s server. There, they are served a trojanized installation package infected with FinFisher.

“During the course of our investigations, we found a number of indicators that suggest the redirection is happening at the level of a major internet provider's service,” comments Filip Kafka.

According to Kafka, these campaigns are the first where the probable involvement of a major internet provider in spreading malware has been publicly disclosed. “These FinFisher campaigns are sophisticated and stealthy surveillance projects, unprecedented in their combination of methods and reach,” noted Kafka.

For further details, read Filip Kafka’s article at ESET's security blog, WeLiveSecurity.com.

In the past, WeLiveSecurity.com has published a number of articles on FinFisher-based campaigns.

Note for editors:
With FinFisher, so-called government malware and the security industry’s approach to it return to the spotlight. For ESET, there is no such thing as good malware; please read ESET’s response to an open letter by Bits of Freedom, a digital rights activist group.

ABOUT ESET

ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

ESET MEDIA CONTACT:

Veronica Bart, Veritas Communications, bart@veritasinc.com, 647-330-5724