Her experts Kaspersky have discovered new versions of the advanced malware tracking tool FinSpy.
ΤNew implants work in both iOS as well as in Android devices, can track activity on almost all popular messaging services, including encrypted ones, and hide their traces better than ever before. The tools allow attackers to spy on all the activities of the devices and steal sensitive data such as GPS location, messages, photos, calls and more.
The FinSpy is a highly effective targeted monitoring software tool that has been observed to steal information from international NGOs, governments and prosecutors worldwide. Its operators can adjust the behavior of any malicious implant FinSpy to each specific goal or group of goals.
The basic functionality of malware includes almost unlimited monitoring of device activity, such as geolocation, incoming and outgoing messages, contacts, files stored on the device, and data from popular messaging services such as WhatsApp, the Facebook Messenger or Viber. All data stolen from the file is transferred to the attacker via SMS or HTTP protocol.
The latest known versions of malware extend the monitoring functionality to additional messaging services, including those considered "secure", such as Telegram, Signal or b. They are also more adept at covering their routes. For example, malware for iOS devices targeting iOS 11 and in older versions, it can now hide jailbreak marks while the new version for Android contains an exploit that can gain root privileges - almost unlimited, full access to all files and commands.
According to Kaspersky, in order to successfully "infect" both Android and iOS devices, the attackers needed either physical access to the phone or a device that has already been jailbroken / rooted. For jailbroken / rooted devices there are at least three possible ways of "infection": SMS, email or push notifications.
According to Kaspersky Telemetry, several dozen mobile devices have been "infected" in the past year.
As he says Alexey Firsh, security researcher at Kaspersky.
In addition, they follow the trends and apply functionality to steal data from applications that are popular at the moment. We observe the victims of FinSpy on a daily basis, as it is worth watching the latest upgrades of the platform and installing them as soon as they are released.
Because, no matter how secure the applications you are using and how secure your data is, once the phone is rooted or jailbroken, it is exposed to spyware.
In order not to fall victim to it FinSpy, Kaspersky's researchers advise:
- Do not leave your smartphone or tablet unlocked and always ensure that no one sees your pin when you use it.
- Do not jailbreak or root your device, as this will make the attacker's job easier.
- Only install apps from official app stores, such as Google Play or the Apple Store.
- Do not follow suspicious links that have been sent to you by unknown numbers.
- In the settings of your device, you prevent the installation of programs from unknown sources
- Avoid sharing your cell phone password, even with someone you trust.
- Never store unknown files or applications on your device, as this may compromise your privacy.
- Download a proven value-added security solution for mobile devices, such as Kaspersky Internet Security for Android.
ΜDo not forget to join (register) in our forum, which can be done very easily by the following button…
(If you already have an account in our forum you do not need to follow the registration link)
Follow us on Telegram!
