Eset finds internet providers may be involved in latest FinFisher surveillance campaigns

The Slovak security software company responds to threats leaked from security agencies in its latest solutions for households

(Source: Sme)

Researchers from the cyber security software company Eset have detected surveillance campaigns utilising a new variant of FinFisher, the infamous spyware also known as FinSpy. Seven countries are affected and in two of them, major internet providers have most likely been involved in infecting the targets of surveillance. Eset did not specify who was involved, in order to avoid putting anyone in danger.


“In two of the campaigns, the spyware has been spread via a man-in-the-middle attack and we believe that major internet providers have played the role of the man in the middle,” explained Filip Kafka, the Eset malware analyst who conducted the research, as cited in the company’s press release.

FinFisher is spyware marketed as a law enforcement tool and sold to governmental agencies around the world. It is also believed to have been used by oppressive regimes.


FinFisher spyware has extensive spying capabilities, such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. Its latest version has received a number of improvements aimed at extending those capabilities, staying under the radar and preventing analysis. The most important innovation, however, is the way in which the surveillance tool is delivered to targeted computers.

When a targeted user is about to download one of several popular applications such as WhatsApp, Skype or VLC Player, they are redirected to the attacker’s server. There, they are served a trojanised installation package infected with FinFisher.


“During the course of our investigations, we found a number of indicators that suggest the redirection is happening at the level of a major internet provider’s service,” said Kafka.

These campaigns are the first where the probable involvement of a major internet provider in spreading malware has been publicly disclosed, said Kafka as cited in the press release.

“These FinFisher campaigns are sophisticated and stealthy surveillance projects, unprecedented in their combination of methods and reach,” noted Kafka.

Eset responds to threats leaked from security agencies

Eset launched the latest version of its flagship security solutions for households in the middle of September. Their new layer of protection, control of UEFI (Unified Extensible Firmware Interface), is active even before the Windows operating system is launched and searches for threats in the firmware interface. This is because hackers are able to create malicious code that can be launched via UEFI before common security solutions and the operating system start.

“Eset is the first security software company that provides protection of UEFI to their home users,” said Matej Krištofík, product manager at Eset.


Other improved functions include monitoring of home networks, which provides an overview of devices connected to the user’s network, and enhanced protection from ransomware. The latter is based on behavioural monitoring: it watches the behaviour of apps or processes attempting to change data on the computer.
