FinFisher, also known as FinSpy, is a spyware that is covertly run on target's system often by government law enforcement, through security flaws in the underlying system update of the devices.
The infamous spyware was created by Gamma International, a German security company, with the sole purpose of serving as government-grade commercial surveillance software that target various systems, including mobile platforms like iOS and Android. FinSpy is fully capable of infiltrating target mobile devices to steal personal information, such as from SMS Messages, Phone calls, emails, files, contacts and GPS data, extensively deployed in the targeting of human right activists in many countries by rogue governments.
Kaspersky researchers uncovered an ongoing cyber-espionage campaign involving the infamous spyware that's targeted at users in the Southeastern Asian country of Myanmar with implants via iOS and Android smartphones.
The security researchers spotted the new versions of FinSpy that specifically target mobile operating systems and also capable of recording calls via third-party apps like WeChat, Viber, Skype, and LINE, among others. Even, the so-called secure messaging applications such as WhatsApp, Signal, and Telegram are not spared by the spyware.
Albeit, there are some setbacks given that FinSpy require root privileges on a targeted device to work properly, it's unable to function on iOS devices without jailbreaking, which is achievable only with physical access or remotely, in the possibility of zero-day vulnerabilities.
The new versions of the FinSpy spyware were exploited in the wild in almost 20 countries, which according to Kaspersky, Gamma Group have recreated parts of the original implants, through extended support functionality, making it harder to analyze and detect the new implants in order to retain its position in the market.