Spying malware “FinSpy” has come back again in Egypt. This time in new campaigns is attacking activists and protestor organizations. Cyber experts have found evidence that the malware is attacking Linus and macOS users. In earlier campaigns, the spyware used to attack Android, Windows, and iOS users. But now, according to researchers, these campaigns are using malware that attacks Linux and macOS systems.
FinSpy is a spying malware used for monitoring and surveillance purposes. According to the findings by Amnesty International, the new malware variants can record target’s calls, control audio, and video, monitor chats and steal personal data. Law enforcement agencies and government has been using this software since 2011.
But in recent findings, the experts identified new variants of the spyware operating since October 2019. The sample “PDF” targets Linux, and the sample “Jabuka.app” targets macOS users; both the samples are FinSpy variants. Researchers announced the samples to the public last week.
According to Amnesty International, “In September 2019, Amnesty International discovered samples of FinFisher’s spyware distributed by malicious infrastructure tied to the attacker group, commonly known as NilePhish. Likely to be state-sponsored, these attacks took place amid an unprecedented crackdown on independent civil society and critical voices. Over the years, numerous research reports, including Amnesty International, detailed NilePhish’s campaigns of targeting Egyptian civil society organizations.”
Enforcement agencies and the government has been using FinSpy since 2011. But through the years, experts have noticed that the spyware has become more creative in its approaches. Amnesty International had published a report in 2019. It covered how phishing campaigns in Egypt were targeting Human Rights organizations, activists, civil societies, and protestor organizations. The campaign was operated by a hacking group called “NilePhish.”
Amnesty reports, “the attacks all bear the same hallmarks and appear to be part of a coordinated campaign to spy on, harass and intimidate their targets.”
Kaspersky, in 2019, reported that it had observed new variants of spying malware working in Myanmar. Experts say that the new malware variant has infected over a dozen of Android and iOS devices.