FinFisher mobile spyware discovered in 20 countries

Kaspersky Lab security researchers have discovered a new version of FinFisher spyware. The new version of FinFisher for Android and iOS phones has been in use since 2018, and in June this year, security researchers discovered the latest developments in FinFisher in Myanmar.

The upgraded FinFisher (FinSpy) collects data from contacts, SMS/MMS, email, calendar, GPS location, photos and phone RAM on infected phones. It also records phone calls and dumps images and messages from popular messaging software.


According to Kaspersky's analysis of the new version, the Android and iOS versions of FinFisher have almost the same functionality, with only some differences in infection methods and supported communication software. On Android, FinFisher can dump and steal chats, pictures, videos and contacts from Facebook Messenger, Skype, Signal, BlackBerry Messenger, Telegram, Threema, Viber, WhatsApp, Line, and InstaMessage.

On iOS, FinFisher supports Facebook Messenger, Skype, Threema, Signal, InstaMessage, BlackBerry Messenger, and WeChat. In addition, FinFisher can record VoIP calls via WeChat, WhatsApp, Skype, Line, Viber, Signal, BlackBerry Messenger or KakaoTalk. The new version of FinFisher does not work on the newer iOS 12.x, but the software is constantly being upgraded, and iOS 12.x will be affected in future releases.

Kaspersky said that if the iPhone is not jailbroken, the only infection method is physical access. The Android version, by contrast, looks for tools such as SuperSU and Magisk installed on the user’s phone, or uses the DirtyCow vulnerability, to gain root privileges.

FinFisher spyware was originally manufactured and sold by the Gamma Group, a company that sells spyware. In 2014, hackers attacked the company’s servers and stole hacking tools, including FinFisher. Since the discovery of this new FinFisher on iOS and Android in late 2018, Kaspersky has found the software in 20 countries.

Via: ZDNet