“The new implants work on both iOS and Android devices and can monitor activity on almost all popular messaging services, including encrypted ones, and hide their traces better than before,” the July 10 press release said.
The implants are able to hide signs of jailbreak on iOS and gain root privileges on an unrooted Android device. “The Android implant has similar functionality to the iOS version, but it is also capable of gaining root privileges on an unrooted device by abusing the DirtyCow exploit, which is contained in the malware. FinSpy Android samples have been known for a few years now. Based on the certificate data of the last version found, the sample was deployed in June 2018,” researchers wrote.
A highly effective software tool used for targeted surveillance, FinSpy is being used by operators who tailor the behavior of each malicious implant to a specific target or group of targets, allowing attackers to steal information from devices the world over. Several dozen devices have reportedly been infected over the past year.
“The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly change their malicious programs to avoid their operation being blocked by fixes,” said Alexey Firsh, security researcher at Kaspersky, in the press release.
“Moreover, they follow trends and implement functionality to exfiltrate data from applications that are currently popular. We observe victims of the FinSpy implants on a daily basis, so it’s worth keeping an eye on the latest platform updates and install them as soon as they are released. Regardless of how secure the apps you use might be, and how protected your data, once the phone is rooted or jailbroken, it is wide open to spying.”