The espionage tool is capable of eavesdropping on calls and messages sent via Signal, Telegram, WhatsApp and more.
The latest iOS and Android versions of the FinSpy espionage malware have been deployed in the wild, and are capable of collecting a raft of personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data – even from the most popular “secure” messaging platforms.
FinSpy is a targeted tool sold by European firm Gamma Group to governments and law-enforcement organizations; it’s been around since 2011, but recently Kaspersky researchers have seen new instances of it within the firm’s telemetry, including activity recorded in Myanmar last month. According to Kaspersky, several dozen unique mobile devices have been infected over the past year, using revamped implants.
“FinSpy…is able to monitor almost all device activities, including recording VoIP calls via external apps such as Skype or WhatsApp,” researchers said in a blog post on Wednesday, adding that targeted applications also include secure messaging platforms such as Threema, Signal and Telegram. “After the deployment process, the implant provides the attacker with almost unlimited monitoring of the device’s activities.”
There’s a catch, though, for operators going after iOS users: the implant can only be installed on jailbroken devices, and an attacker would need physical access to the device in order to jailbreak it. If a device is already jailbroken, remote infection vectors include malicious SMS messages or emails, and WAP push messaging, which can be sent from the FinSpy Agent operator’s terminal.
The latest iPhone/iPad version is compatible with iOS 11 and below; newer versions of the Apple operating system are not confirmed as susceptible, and implants for iOS 12 have not been observed.
The Android version, meanwhile, can be installed manually if the attacker simply has physical access to the device, or remotely using the same three remote infection vectors as the iOS version.
Author: Tara Seals • July 10, 2019 11:57 am
Original story reported by ThreatPost.com