December 8, 2023

FinFisher commercially developed for surveillance has been upgraded to infect Windows devices using a UEFI bootkit using a trojanized Windows Boot Manager.

FinFisher is a spyware toolset for Windows, macOS, and Linux developed for exclusively to law enforcement and intelligence agencies. But like with NSO Group’s Pegasus, the software has also been used to spy.

FinFisher is equipped to harvest user credentials, file listings, sensitive documents, record keystrokes, siphon email messages from Thunderbird, Outlook, Apple Mail, and Icedove, intercept Skype contacts, chats, calls and transferred files, and capture audio and video by gaining access to a machine’s microphone and webcam.

Previously deployed through tampered installers of legitimate apps such as TeamViewer, VLC, and WinRAR which backdoored with an obfuscated downloader, subsequently via Master Boot Record bootkits for injecting a malicious loader in a manner to evade security tools.

The latest feature to be added is the ability to deploy a UEFI bootkit to load FinSpy, with new samples exhibiting properties that replaced the Windows UEFI boot loader with a malicious variant as well as boasting of four layers of obfuscation and other detection-evasion methods to slow down reverse engineering and analysis.

This enables threat actors to have control over the boot process, achieve persistence, and bypass all security defences, caution required.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Meta enables Messenger with E2EE by Default

December 8, 2023

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023
%d