wonderfully unique software solutions

Kaspersky unveils new arsenal for evading detection in FinFisher spyware

Researchers from Kaspersky have found an improved arsenal within FinFisher, FinSpy or Wingbird spyware that broaden its ability to evade detection and infect Windows, Mac OS and Linux devices.

Igor Kuznetsov, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT), said eight months of research uncovered four-layer obfuscation and advanced anti-analysis measures as well as the employment of a Unified Extensible Firmware Interface (UEFI) bootkit to infect victims.

“The amount of work put into making FinFisher not accessible to security researchers is particularly worrying and somewhat impressive,” Kuznetsov said. “This spyware is deployed with high precision and is practically impossible to analyse.”

Kuznetsov said complex threats such as FinFisher trojans demonstrate the importance of security researchers cooperating and exchanging knowledge ,as well as investing in new types of security solutions.

Kaspersky has been tracking FinSpy trojans since 2011. The spyware gathers various credentials, file listings and deleted files, documents, livestreaming or recording data and can access a webcam and microphone. Read a full analysis here.

Older versions of the spyware contained the trojan right in the infected application right away, but new samples were protected by non-persistent pre-validator and a post-validator components, which hold deployment back until after a check if the device belongs to a professional security researcher before execution.

Kaspersky recommends users protect themselves by only downloading apps and programs from trusted websites, as well as updating all software, including the OS, regularly. Email attachments should not be trusted.

“Is it from someone you know and trust; is it expected; is it clean? Hover over links and attachments to see what they’re named or where they really go,” warns Kaspersky.

Users should also ensure they deploy a good security application on all devices, and implement policies on non-corporate software use as well as educating employees about risks and cybersecurity hygiene.

Read more tips from Kaspersky on protection from FinSpy and other threats.

The news follows Kaspersky’s discovery of gamer accounts in high demand in the dark web’s black markets, as stolen from popular gaming stores by the BloodyStealer virus and other malware.

Kaspersky notes that users can protect themselves from BloodyStealer using reliable security solutions such as Kaspersky Security Cloud to block BloodyStealer without interfering with gameplay.

Read more about BloodyStealer.

( Photo by Dan Nelson on Unsplash )

Recent Articles

N-able teams up with US cybersecurity agency on RMM tactics

Remote monitoring and management (RMM) software vendor N-able has announced it is working with the US Cybersecurity and Infrastructure Security Agency (CISA)...

Nitro with Level Access launches accessibility upgrade for PDF management

E-documentation company Nitro has teamed up with digital accessibility as a service provider Level Access on an accessible version of the former's...

CoreView expects further sales growth as Microsoft launches ‘disruptive’ tools

Microsoft 365 (M365) management software vendor CoreView is gearing up for greater demand, predicted to be fuelled further by AI adoption via...

Keeper Security expands global reach with new investments in zero-trust security

Keeper Security has opened an Asia-Pacific (APAC) headquarters in Japan, reflecting increased global interest and investment in unified, zero-trust enterprise passwords, secrets...

iSpring follows Salesforce integration with Albato no-code automation

Edtech software vendor iSpring Solutions has announced integration of the iSpring Learn learning management system (LMS) with no-code automation from Albato, expanding...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox