‘StrongPity’ hacking group does just enough to get around defenses

Rather than expend resources on creating fancy new tools, malicious hackers often do the bare minimum needed to breach their targets. That means that when researchers expose their malware, the groups tend to only slightly modify their code to keep it effective. The latest activity from an advanced persistent threat known as StrongPity is a prime example. After having its actions called out last year, StrongPity has come up with new malware samples it is using in a month-long, ongoing campaign against users in Turkey, according to research published Wednesday by AT&T Alien Labs. Although the code has been altered, the general attack method remains the same: go after users who download router management software to infect target organizations, and use the popular file archiver WinRAR for delivery. The spyware delivered to the organizations, which is also called StrongPity, hunts for documents on an infected network and lingers on, retaining […]

The post ‘StrongPity’ hacking group does just enough to get around defenses appeared first on CyberScoop.


The developers of the notorious FinSpy spyware are innovating — and thriving

Like any competitive company, a spyware vendor has to innovate when its proprietary data is exposed or stolen. For Gamma Group, the maker of the notorious FinSpy spyware, the definitive moment came in 2014, when it was hacked and information about its software and clients was dumped online. Since then, FinSpy’s authors have revamped big portions of the software, improving the encryption and making the code harder for analysts to parse, according to new research from Kaspersky Lab. The updated spyware implants for iOS and Android have been used in nearly 20 countries in the last year or so across Asia, Europe, and the Middle East, the researchers said Wednesday. In Myanmar, an ongoing campaign has infected several dozen phones. The researchers suspect there are many more victims out there, given how popular FinSpy has been with government clients. “The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly […]

The post The developers of the notorious FinSpy spyware are innovating — and thriving appeared first on CyberScoop.


Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar

One of the most powerful, infamous, and advanced pieces of government-grade commercial surveillance spyware, dubbed FinSpy—also known as FinFisher—has been discovered in the wild targeting users in Myanmar.

Created by German company Gamma International,…

How sloppy OPSEC gave researchers an inside look at the exploit industry

The companies that make advanced surveillance software are quiet by design. They generate enough press to let the market (i.e., governments) know their products exist, but it’s not as if there’s an app store for mobile spyware. They do make mistakes, though. And thanks to two researchers from Lookout, the public now has more information on how these companies operate. In the course of investigating a new kind of Android-focused mobile malware, Lookout’s Andrew Blaich and Michael Flossman uncovered text conversations among members of a nation-state’s surveillance program. Those files, which were stored on a server that was part of the malware’s command-and-control infrastructure, represented a trove of insight about how much money the particular government budgeted for its program, whether its spies decided to buy exploits or build their own, and why it’s easier than ever for countries to leverage surveillance technology. It started when Blaich and Flossman were analyzing how a single malware sample had manipulated data within the popular […]

The post How sloppy OPSEC gave researchers an inside look at the exploit industry appeared first on CyberScoop.


It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price

We’re living in the golden age of spyware and government hacking, with companies rushing to join a blossoming billion dollar market. The weakest among us—activists or journalists—will suffer the consequences if we don’t regulate it appropriately.

Spyware campaign targets Turkish dissidents, research shows

Spyware made by a notorious vendor has been used to target critics of the Turkish government via Twitter, according to digital rights advocacy group Access Now. Attackers used spyware from FinFisher to target protestors focused on the Turkish government in 2017, Access Now said in a report. Hackers allegedly used Twitter-linked malicious websites to install spyware on activists’ phones. The perpetrators used a “benign-looking mobile application” as cover for the FinFisher spyware, which was part of “a broad social engineering attack” against opponents of Turkey’s ruling party, the report stated. “The broad and aggressive use of [the spyware] to target individuals involved in the March for Justice movement in Turkey provides a rare window into the current deployment of FinFisher,” Access Now said. “It gives us new clues and patterns of behavior of how social media is used in conjunction with the malware…” the organization added. There is evidence that surveillance […]

The post Spyware campaign targets Turkish dissidents, research shows appeared first on CyberScoop.


Turkey’s Government Tried to Hack Hundreds of Protesters Over Twitter, Researchers Say

A new report details a widespread campaign targeting several Turkish activists and protesters, using the infamous government malware made by FinFisher.

Google Play Boots Three Malicious Apps From Marketplace Tied to APTs

Researchers said three apps used to surveil Middle East targets were booted from the Google Play marketplace.

Turkish, Egyptian ISPs help local government conduct massive spyware operation

Canadian researchers from human rights organization Citizen Lab uncovered a major computer espionage operation spreading across Turkey, Egypt and, indirectly, Syria. The operation, which started in 2017, is a nation-state-level network injection to del…

ISPs Caught Injecting Cryptocurrency Miners and Spyware In Some Countries

Governments in Turkey and Syria have been caught hijacking local internet users’ connections to secretly inject surveillance malware, while the same mass interception technology has been found secretly injecting browser-based cryptocurrency mining scri…