Security News > 2020 > September > Mac, Linux Users Now Targeted by FinSpy Variants
While the spyware previously targeted Windows, iOS and Android users, researchers have discovered these campaigns using new variants that target macOS and Linux users.
These samples include "Jabuka.app," a FinSpy variant for macOS, and "PDF," a FinSpy variant for Linux.
"Through additional technical investigations into this most recent variant, Amnesty's Security Lab also discovered, exposed online by an unknown actor, new samples of FinSpy for Windows, Android, and previously undisclosed versions for Linux and MacOS computers," said Amnesty International researchers, in a Friday analysis.
Once downloaded the file extracts an installer and executes it, which then checks that the system is not on a virtual machine before extracting a first-stage payload. Like its macOS counterpart, FinSpy for Linux is also obfuscated using LLVM-Obfuscator.
"FinSpy for Mac OS, and similarly its Linux counterpart, follow a modular design," said researchers.