Latest FinFisher spyware upgrades 'particularly worrying,' says Kaspersky
2021-09-28 15:50

Kaspersky has presented the findings of an eight-month probe into the FinFisher spyware toolset - including the discovery of a UEFI "bootkit" infection method and "advanced anti-analysis methods" such as "four-layer obfuscation."

The toolkit receives frequent updates to evade detection and add new functionality, with Kaspersky having previously investigated a 2019 update which boosted its spying capabilities to include chat, physical movement, microphone, and camera access, alongside locally stored data capture and exfiltration.

"The amount of work that was put into making FinFisher not accessible to security researchers is particularly worrying and somewhat impressive. It seems like the developers put at least as much work into obfuscation and anti-analysis measures as in the Trojan itself," said Kaspersky's Igor Kuznetsov in a statement as the researchers presented their findings at the Security Analyst Summit 2021 today.

"As a result, its capabilities to evade any detection and analysis make this spyware particularly hard to track and detect. The fact that this spyware is deployed with high precision and is practically impossible to analyse also means that its victims are especially vulnerable, and researchers face a special challenge - having to invest an overwhelming amount of resources into untangling each and every sample."

"I believe complex threats such as FinFisher demonstrate the importance for security researchers to cooperate and exchange knowledge," Kuznetsov concluded, "as well as invest in new types of security solutions that can combat such threats."

Kaspersky's advice to anyone looking to protect themselves from FinFisher and similar attacks: obtain software only from trusted websites; keep all software and the operating system itself up-to-date; "distrust email attachments by default"; and avoid installing software from unknown sources.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/28/kasperky_finfisher_spyware_report/
