Smartphone spyware FinSpy is back and thriving

Cybersecurity vendor Kaspersky has reported that FinSpy, a piece of malware that allows private information to be stolen from smartphones, has made a reappearance.

FinSpy spyware is apparently made by German company Gamma Group and sold by its UK sub-division Gamma International to governments and state agencies so that they can spy on their citizens. It has been around for a few years but seems to be experiencing a renaissance, with activity recorded in Myanmar last month.

The recent appearance of FinSpy has brought to light the IOS and Android mobile implants that can install this spyware on mobile devices. This now enables the FinSpy spyware to collect personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data from some of the most used messenger services including Facebook, WhatsApp and Skype among others.

The greatest cause for concern is FinSpy’s ability to gain this information even if the phone’s user is running an encryption program. Talking about encryption, FinSpy’s developers have been improving their own encryption to reduce the risk of traceable activity being discovered, the Kaspersky report claims.

“The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly change their malicious programs to avoid their operation being blocked by fixes,” Alexey Firsh, a security researcher at Kaspersky Lab, told Cyberscoop. “We observe victims of the FinSpy implants on a daily basis.”

Kaspersky has also claimed that these implants were detected in almost 20 countries however it’s likely the real number is higher. These new implants appear to be a real threat, with the developers constantly updating the spyware by reducing its trace while improving it to the point where it can break through encryption. FinSpy along with Gamma group are thriving although Kaspersky says it is conducting further investigations to tackle this issue.