FinFisher, a software application used by law enforcement agencies for surveillance, appears to be far more widespred than originally thought.Sold by British company Gamma Internationl Gmbh, FinFisher secretly monitors computers by turning on webcams, recording everything the user types with a keylogger, and monitoring Skype calls.
It can also bypass popular antivirus products, communicate covertly with remote servers, record emails, chats, and VOIP calls, and harvesting data from the hard drive.
On Wednesday, computer security company Rapid7 researcher Claudio Guarnieri shared new details of the workings of FinFisher, a piece of malware sold by UK contractor Gamma Group to government agencies. He found FinFisher servers at work in Australia, Czech Republic, United Arab Emirates, Ethiopia, Estonia, Indonesia, Latvia, Mongolia, Qatar, and the United States.
Rapid7 has published the IP addresses and communication "fingerprint" of the command and control servers it has discovered. The information can be used in intrusion detection systems. "If you can identify those networks actually communicating with those IPs, it most likely means some of the people on those networks are being spied on in some way," Guarnieri said.
Muench, who is based in Munich, has said his company didn’t sell FinFisher spyware to Bahrain. He said he’s investigating whether the samples used against Bahraini activists were stolen demonstration copies or were sold via a third party.