Security researchers have discovered a new improved version of the FinFisher spyware spying both iOS and Android users.
The new version was discovered by security researchers at Kaspersky labs spying both iOS and Android users in 20 countries.
“According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019. Late in 2018, experts at Kaspersky looked at the functionally latest versions of FinSpy implants for iOS and Android, built in mid-2018.”
Both the iOS and Android version of FinFisher spyware has the same capability including collecting personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recording and data from messaging apps.
The new version is also is capable of record VoIP calls via popular apps such as Skype, Whatsapp, Threema, Signal, and Telegram.
The infection technique for iOS and Android versions are different. In the case of iOS, it does not provide infection exploits for its customers and the implants can be installed only on jailbroken devices.
In iOS version SMS message, email, and WAP Push are used as a possible infection vector.
Researchers also noted that the new version of FinFisher implant doesn’t support iOS 12.
The Android version FinFisher spyware has the same capability as the iOS version, but it also capable of gaining root privileges on an unrooted device by abusing the DirtyCow exploit.
“FinSpy developers are constatly working on the updates for their malware. At the time of publication, Kaspersky researchers have found another version of the threat and are currently investigating this case.” said in the analysis published by Kaspersky labs.
“A full set of IOCs, including YARA rules, is available to customers of the Kaspersky Intelligence Reporting service. For more information, contact firstname.lastname@example.org.”
You may be interested in reading: New GandCrab Ransomware Campaign Targets MySQL Servers on Windows