#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

FinFisher Spying tool | Breaking Cybersecurity News | The Hacker News

Category — FinFisher Spying tool
Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar

Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar

Jul 10, 2019
One of the most powerful, infamous, and advanced piece of government-grade commercial surveillance spyware dubbed FinSpy —also known as FinFisher —has been discovered in the wild targeting users in Myanmar. Created by German company Gamma International, FinSpy is spying software that can target various mobile platforms including iOS and Android, we well as desktop operating systems. Gamma Group reportedly sells its controversial FinSpy espionage tool exclusively to government agencies across the world, but also gained notoriety for targeting human rights activists in many countries. The FinSpy implant is capable of stealing an extensive amount of personal information from targeted mobile devices, such as SMS/MMS messages, phone call recordings, emails, contacts, pictures, files, and GPS location data. In its latest report published today, Kaspersky researchers revealed a cyber-espionage campaign that involves targeting Myanmar users with the latest versions of FinSpy impl...
Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

Oct 16, 2017
FinSpy —the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis . The critical type confusion vulnerability, tracked as CVE-2017-11292 , could lead to code execution and affects Flash Player 21.0.0.226 for major operating systems including Windows, Macintosh, Linux and Chrome OS. Researchers say BlackOasis is the same group of attackers which were also responsible for exploiting another zero-day vulnerability ( CVE-2017-8759 ) discovered by FireEye researchers in September 2017. Also, the final FinSpy payload in the current attacks exploiting Flash zero-day (CVE-2017-11292) shares the same command and control (C&C) server as the...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
ISPs May Be Helping Hackers to Infect you with FinFisher Spyware

ISPs May Be Helping Hackers to Infect you with FinFisher Spyware

Sep 21, 2017
Are you sure the version of WhatsApp, or Skype, or VLC Player installed on your device is legitimate? Security researchers have discovered that legitimate downloads of several popular applications including WhatsApp, Skype, VLC Player and WinRAR have reportedly been compromised at the ISP level to distribute the infamous FinFisher spyware also known as FinSpy. FinSpy is a highly secret surveillance tool that has previously been associated with British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies across the world. The spyware has extensive spying capabilities on an infected computer, including secretly conducting live surveillance by turning ON its webcams and microphones, recording everything the victim types with a keylogger, intercepting Skype calls, and exfiltration of files. In order to get into a target's machine, FinFisher usually uses various attack vectors, including spear phishing, manual installat...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Not Just Criminals, But Governments Were Also Using MS Word 0-Day Exploit

Not Just Criminals, But Governments Were Also Using MS Word 0-Day Exploit

Apr 13, 2017
Recently we reported about a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot. Now, it turns out that the same previously undisclosed vulnerability in Word (CVE-2017-0199) was also actively being exploited by the government-sponsored hackers to spy on Russian targets since at least this January. The news comes after security firm FireEye, that independently discovered this flaw last month, published a blog post , revealing that FinSpy spyware was installed as early as January using the same vulnerability in Word that was patched on Tuesday by Microsoft. For those unaware, the vulnerability (CVE-2017-0199) is a code execution flaw in Word that could allow an attacker to take over a fully patched and up to date computer when the victim opens a Word document containing a booby-trapped OLE2link object, which downloads a malicious HTML app fro...
Police Arrested Suspected Hacker Who Hacked the 'Hacking Team'

Police Arrested Suspected Hacker Who Hacked the 'Hacking Team'

Feb 01, 2017
Remember the Hacker who hacked Hacking Team ? In 2015, a hacker named Phineas Fisher hacked Hacking Team – the Italy-based spyware company that sells spying software to law enforcement agencies worldwide – and exposed some 500 gigabytes of internal data for anyone to download. Now, the Spanish authorities believe that they have arrested Phineas Fisher, who was not just behind the embarrassing hack of Hacking Team, but also hacked the UK-based Gamma International, another highly secretive company which sells the popular spyware called " FinFisher ." During an investigation of a cyber attack against Sindicat De Mossos d'Esquadra (SME), Spain's Catalan police union, police in Spain have arrested three people, one of which detained in the city of Salamanca is suspected of being Fisher, according to local newspaper ARA . The cyber attack was carried out in May last year when Fisher announced via his own Twitter account that he had hacked the SME and also publ...
Detekt — Free Anti-Malware Tool To Detect Govt. Surveillance Malware

Detekt — Free Anti-Malware Tool To Detect Govt. Surveillance Malware

Nov 21, 2014
Human rights experts and Privacy International have launched a free tool allowing users to scan their computers for surveillance spyware, typically used by governments and other organizations to spy on human rights activists and journalists around the world. This free-of-charge anti-surveillance tool, called Detekt , is an open source software app released in partnership with Human rights charity Amnesty International, Germany's Digitale Gesellschaft, the Electronic Frontier Foundation ( EFF ) and Privacy International, in order to combat government surveillance. NEED AN EYE FOR AN EYE The global surveillance carried out by the US National Security Agency (NSA) and other government agencies recently disclosed by the former NSA contractor Edward Snowden shed light on just how far our own government can go to keep track of citizens, whether innocent or otherwise. Therefore, such tool will help them see if their devices have been infected by any spyware. Detekt was dev...
Company That Sells 'FinFisher' Spying Tool Got Hacked, 40GB Data Leaked

Company That Sells 'FinFisher' Spying Tool Got Hacked, 40GB Data Leaked

Aug 07, 2014
FinFisher spyware, a spyware application used by government and law enforcement agencies for the purpose of surveillance, appears to have been hacked earlier this week and a string of files has been dumped on the Internet. The highly secret surveillance software called " FinFisher " sold by British company Gamma International can secretly monitors computers by turning ON webcams, recording everything the user types with a keylogger, and intercepting Skype calls, copying files, and much more. A hacker has claimed on Reddit and Twitter that they'd infiltrated the network of one of the world's top surveillance & motoring technology company Gamma International, creator of FinFisher spyware, and has exposed 40GB of internal data detailing the operations and effectiveness of the FinFisher suite of surveillance platforms. The leaked information was published both on a parody Gamma Group Twitter account ( @GammaGroupPR ) and Reditt by the hacker that began publishi...
Expert Insights / Articles Videos
Cybersecurity Resources