They discover new versions of the dangerous tool ...

They discover new versions of the dangerous tool …

July 11, 2019

The new implants work on both iOS and Android devices, can monitor activity on almost all popular messaging services, even those that are encrypted, and hide their traces better than before. These tools allow attackers to spy on all device activities and extract sensitive data such as GPS location, messages, images, calls, and more.

Discover new versions of the dangerous FinSpy spy toolNew versions of the dangerous FinSpy spy tool discovered Image by Wit Olszewski via Shutterstock

Kaspersky experts are the ones who have discovered these new versions of the advanced malicious spy tool. FinSpy is an extremely effective software tool for targeted surveillance that has been observed stealing information from international NGOs, governments, and law enforcement organizations around the world. Its operators can tailor the behavior of each malicious FinSpy implant and direct it to a specific target or group of them.

The basic functionality of the malware includes almost unlimited monitoring of the activities carried out on the device, such as geolocation, all incoming and outgoing messages, contacts, media stored on the device, and data from popular messaging services such as WhatsApp, Facebook Messenger. or Viber. All the extracted data is transferred to the attacker via SMS messages or the HTTP protocol.

The latest known versions of the malware extend the surveillance functionality to additional messaging services, including some that are considered “safe”, such as Telegram, Signal or Threema. They are also more adept at covering their tracks. For example, iOS malware, targeting the iOS 11 operating system and earlier versions, can now hide signs of jailbreak, while the new version for Android contains an attack that can gain root privileges, with almost unlimited and full access. to all files and commands, on a non-rooted device.

Based on the information available to Kaspersky, to infect both Android and iOS devices, attackers need physical access to the phone or to an unlocked device (already jailbroken or rooted). For unlocked phones, there are at least three possible infection vectors: SMS messages, email, or automated notifications (push) sent by an application to the user when the application is not open.

According to Kaspersky telemetry, several dozen mobile devices were infected last year.

“The programmers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly change their malicious programs to prevent their operations from being blocked with the fixes. In addition, they follow trends and implement functionalities to extract data from applications that are currently popular. We observe victims of FinSpy implants on a daily basis, so it’s worth taking a look at the latest platform updates and installing them as soon as they are released. Because, regardless of how secure the applications you use may be, and how your data is protected, once the phone is rooted or jailbroken, it will be completely open to spying, “explains Alexey Firsh, security researcher at Kaspersky. Lab.

To avoid falling victim to FinSpy, Kaspersky researchers advise the following:

· Do not leave your smartphone or tablet unlocked and always make sure that no one can see your code when you enter it · Do not jailbreak or root your device as it will make the work of an attacker easier · Install only mobile apps from official app stores , such as Google Play · Do not follow suspicious links sent to you from unknown numbers · In your device settings, block the installation of programs from unknown sources · Avoid revealing the password or passcode to your mobile device, even with someone Trusted · Never store unknown files or applications on your device as they could harm your privacy · Download a proven security solution for mobile devices.

The full report is available at https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/

[+] Videos de nuestro canal de YouTube