Kaspersky researchers have just discovered new versions of the FinSpy spyware on both Android and iOS. FinSpy is spyware created by the German company Gamma Group, which sells it to law enforcement organizations all over the world. It is an advanced spy tool with varied functionality.
FinSpy desktop implants were first discovered in 2011 by Wikileaks, and its mobile implants were discovered in 2012. The spyware was leaked in 2014, and in 2015 it became known that it was being used to spy on users in over 32 countries. Since the leak, Gamma has improved the spyware to make it more efficient and harder to detect.
According to the researchers, the spyware was active again in 2018, and the latest activity was spotted in Myanmar in June 2019. These implants are capable of collecting personal information such as SMS messages, emails, calendars, device locations, multimedia and even messages from some popular social media apps.
On iOS, the implant has only been observed to work on jailbroken devices. If an iOS device is already jailbroken, the spyware can be installed remotely via different mediums such as messaging, email, etc. However, the implants have not been observed on the latest version of iOS.
On Android, the spyware has similar functionality to its iOS counterpart. The situation is even worse there, because it can be installed on unrooted devices and is capable of gaining root privileges by abusing the DirtyCow exploit.
FinSpy implants are controlled by FinSpy agents and they are connected to anonymous proxies provided by Gamma Group. These anonymous proxies help them to hide their real location. These implants were detected in at least 20 countries, according to the Kaspersky report.
According to Kaspersky, FinSpy developers are constantly updating the spyware. During their research, they found another version of the threat that had just been released. All in all, users who are aware of these threats and who avoid installing apps from untrusted sources or install a decent antivirus can avoid most of them.
If you want to read a more detailed report, you can refer to the original Kaspersky article here.