SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever
2021-09-28 17:45

The FinSpy surveillance kit has been driven from its hiding place following an eight-month investigation by Kaspersky researchers.

One day, researchers stumbled across a Burmese-language website that hosted both the trojanized installers and samples of FinSpy for Android.

"We began detecting some suspicious installers of legitimate applications, backdoored with a relatively small, obfuscated downloader," according to Kaspersky researchers Igor Kuznetsov and Georgy Kucherin, presenting at a retro-themed and virtual Security Analyst Summit 2021 on Tuesday.

The first is a "Pre-validator" that runs multiple security checks to ensure that the device it is infecting does not belong to a security researcher.

Another evasion tactic involves a sample of FinSpy that infects machines by replacing the Windows UEFI bootloader, which is responsible for launching the operating system.

The amount of work put into making FinSpy inaccessible to security researchers is particularly worrying, if impressive, said Kuznetsov.


News URL

https://threatpost.com/finspy-surveillance-kit/175068/
