
Preface: Digital spyware and monitoring tech that allows the user to covertly monitor a target’s communications, or collect personal data emitted from their devices.
Background: FinFisher, also known as FinSpy, is surveillance software marketed by Lench IT Solutions plc, which markets the spyware through law enforcement channels. On August 6, 2014, FinFisher source code, pricing, support history, and other related data were retrieved from the Gamma International internal network and made available on the Internet.
Synopsis: Found a UEFI bootkit that was loading FinSpy. All machines infected with the UEFI bootkit.
Impact:
– Bypasses kernel protections (NX and Patch guard)
– Bypasses local authentication
– Elevated process privileges
Technical details: Found a UEFI bootkit that was loading FinSpy. All machines infected with the UEFI bootkit had the Windows Boot Manager (bootmgfw.efi) replaced with a malicious one. Kaspersky said.
Ref: FinSpy is a full-fledged surveillance software suite, capable of intercepting communications, accessing private data, and recording audio.
For more detailed information on the findings of this survey, please visit the Kaspersky website for details – https://securelist.com/finspy-unseen-findings/104322/#iocs