New FinSpy Malware Variant Infects Windows Systems

Finfisher Spyware has been upgraded.

The Finspy (Finfisher or Wingbird) has a new variant that you need to be aware of. Finspy is a commercially used spyware that has been detected in the wild since 2011. It was designed to be used with law enforcement however it is most notably famous for being used to spy on a Bahraini activist in the past allegedly and delivered as part of spear-phishing campaigns in September 2017.

Recently the Finfisher has been upgraded to infect  Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit that leverages a trojanized Windows Boot Manager.

Finfisher malicious spyware can be equipped to harvest credentials from the following programs: Thunderbird, Outlook, Apple Mail, and Icedove, intercept Skype contacts, chats, calls and transferred files, and capture audio and video by gaining access to a machine’s microphone and webcam. Leaving you vulnerable to cyber attacks causing stress on costs, resources and your team.

What can you do about it

UEFI is a firmware that can have a Secure Boot add-on which may help ensure your safety and check if any malware has infected with the boot process. However since the UEFI facilitates the loading of the operating system itself, bootkit infections are not only resistant to OS reinstallation or replacement of the hard drive but are also inconspicuous to security solutions running within the operating system.

To learn more about the Spyware check out: Secure List’s Article.


Britec can help

We’re here to help. From seasoned IT teams that just need a bit of support, to organizations who rely on external IT teams –  please contact us if you’re struggling to get issues like this sorted out.