Threat Watch

FinSpy Espionage Tool Being Leveraged in the Wild

Typically used by law enforcement and government officials, FinSpy is surveillance software that can be covertly placed on a target’s computer or device to obtain data. Researchers at Kaspersky recently observed a modified version in the wild, targeting Android and iOS devices. This version is able to eavesdrop on calls and texts that pass through various messaging apps, such as Signal, Telegram, Threema, WhatsApp, Facebook Messenger, and Viber, among others. On top of being able to view data in these apps, the spyware is able to hide signs of jailbreaking on iPhones running iOS 11 or older. It also has the ability to gain root access privileges on Android devices. Physical access is necessary to achieve infection, and it is much easier if a device is already jailbroken or rooted. SMS messages, emails, and push notifications can be used to achieve infection. “We observe victims of the FinSpy implants on a daily basis, so it’s worth keeping an eye on the latest platform updates and install them as soon as they are released. Regardless of how secure the apps you use might be, and how protected your data, once the phone is rooted or jailbroken, it is wide open to spying,” stated Kaspersky.


Although the spyware can still be effective, users should avoid jailbreaking or rooting their devices, as doing so makes the devices extremely susceptible to multiple attack methods.