FinSpy, a well-known piece of spyware from German company FinFisher, is good at hiding. Researchers at Kaspersky have reverse-engineered the malware.

In addition to a four-layer obfuscation scheme, the spyware now also uses a UEFI (Unified Extensible Firmware Interface) bootkit to infect its targets, and it keeps its payload encrypted in memory, according to the researchers. The Kaspersky team’s research began in 2019, and they are finally sharing their findings today at Kaspersky’s online Security Analyst Summit.

Check It Out: ‘FinSpy’ Spyware is Adept at Hiding Itself With a Four-Layer Method

One Comment

  1. W. Abdullah Brooks, MD

    Andrew:

    An illustrative story.

    Apart from one’s own security hygiene practices, one is seldom more secure than the least reliable participant in one’s network, whether a cohabiting couple, a small business, or a large university or industrial setting.

    Someone always lets the wolf through the door, so that, using AI-enabled social engineering exploits, they can zero in on their target(s), who is/are often one of those weakest links.

    Because many of us do not know the difference between surveillance and monitoring, we retain a false sense of security about E2EE. It’s not required for surveillance. As for targeted monitoring, as this story points out, E2EE was defeated long ago. And continues to be, creatively, by different actors. Repeatedly.
