FinFisher trojan for iOS and Android sighted
Mobile variants of the commercial FinFisher trojan target BlackBerry, Windows Mobile, Symbian, Android and iOS devices.

 

The commercial FinFisher FinSpy spyware trojan was created by Gamma International, and its development is believed to take place in Germany. The company sells its trojan toolkit – which is thought to currently support all major operating systems including Linux, Mac OS X and Windows – to governments for use by security agencies. Until now, relatively little was known about the mobile variant of the trojan.


Based on the available code samples, Citizen Lab is convinced that the mobile trojans it analysed are a mobile variant of FinSpy. The trojan is believed to be capable of monitoring rooms through silent calls, downloading files, tracking a user's location, and forwarding phone calls, SMS text messages and emails. FinSpy can also apparently intercept BlackBerry Messenger messages. The trojan typically infects smartphones via specially crafted emails.


The iOS variant requires iOS 4 or later and is executable on all iPad models, on iPhone 4 and 4S devices, and on third and fourth generation iPod Touch devices. The app installs in the background, downloads further code, and injects this code into the startup routine, anchoring itself deep into the system. The researchers found "FinSpyV2" references in the binary. As the binary contains a valid developer certificate and an ad-hoc distribution profile, iOS devices accept it without the need for a jailbreak. The certificate was issued to Martin Münch – the managing director of Gamma International's German subsidiary.
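
For defenders auditing what is installed on managed iOS devices, the sketch below classifies the provisioning profile that lets a signed binary run without a jailbreak, which is the mechanism described above. It is an added example, not code from the article or from Citizen Lab. The profile bytes are constructed, the key names are the standard provisioning-profile plist keys, and the CMS signature around the plist is not verified.

```python
import plistlib

# Constructed sample: a provisioning-profile plist wrapped in placeholder bytes
# that stand in for the CMS signature envelope of a real .mobileprovision file.
SAMPLE_PROFILE = b"\x30\x82\x00\x00" + b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Name</key><string>Constructed Sample Profile</string>
<key>TeamName</key><string>Example Team</string>
<key>ProvisionedDevices</key>
<array><string>0000000000000000000000000000000000000000</string></array>
<key>Entitlements</key><dict><key>get-task-allow</key><false/></dict>
</dict></plist>""" + b"\x00\x00"


def extract_plist(blob: bytes) -> dict:
    """Pull the XML plist out of the signed container (signature not checked)."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def classify(profile: dict) -> str:
    """Map profile keys to a distribution type."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"            # runs on any device, no UDID list
    debuggable = profile.get("Entitlements", {}).get("get-task-allow", False)
    if "ProvisionedDevices" in profile:
        # A UDID list with debugging disabled is an ad-hoc distribution profile.
        return "development" if debuggable else "ad-hoc"
    return "app-store"


def audit(blob: bytes) -> dict:
    """Summarise a profile and flag types that bypass App Store review."""
    p = extract_plist(blob)
    kind = classify(p)
    return {"name": p.get("Name"), "team": p.get("TeamName"), "kind": kind,
            "device_count": len(p.get("ProvisionedDevices", [])),
            "review": kind in ("ad-hoc", "enterprise")}


if __name__ == "__main__":
    print(audit(SAMPLE_PROFILE))
```

A profile flagged for review is not malicious in itself; the point is to surface ad-hoc or enterprise profiles from teams the organisation does not recognise.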