![]() ![]() What ties these various campaigns together, aside from the use of FinFisher products, is that the targets are very frequently “human rights defenders”.Īlthough elements of the toolkit targeting macOS users have been known for some while to malware researchers, and some components of the macOS suite do not appear to be functional on the latest iterations of Apple’s desktop platform, our tests confirmed the malware samples shared by Amnesty will still launch and infect a macOS Catalina install, and that some of the dropped malware is not well-known to reputation services like VirusTotal. ![]() The company states that it only partners with “Law Enforcement and Intelligence Agencies” and has a “worldwide presence”.Īmnesty International and other civil rights organizations (e.g., the Citizen Lab), however, have noted FinSpy being used in campaigns targeting “activists, journalists and dissidents” in Egypt, Ethiopia, and the United Arab Emirates (UAE) among others. In this post, we look at how to detect the macOS variant and list some previously unpublished IoCs.Īccording to FinFisher’s own website and marketing material, the company produces tools for “tactical intelligence gathering”, “strategic intelligence gathering”, and “deployment methods and exploitation”. The FinSpy tool was written with multiple capabilities in mind, with everything from keylogger, audio recording, camera and screenshot tools to a remote access shell, file enumeration and exfiltration functions. A report last week from human rights advocates Amnesty International brought to light a macOS variant of a cross-platform spyware suite known as FinSpy, developed and marketed by German-based outfit FinFisher.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |