The FinFisher surveillance software was found masquerading as a benign bookmark manager, according to a detection by the Detekt tool.
According to the Register, developer Claudio Guarnieri said on Twitter that Detekt discovered the malicious toolkit after an unknown user uploaded the file to the VirusTotal analysis engine. The malware was signed with a Comodo-issued code-signing certificate belonging to ‘Jagdeependra’, not to Outertech, the author of the bookmark manager it impersonated. A signature that chains to a trusted CA therefore proves only that the holder of that certificate signed the file; whether that holder is the product's legitimate publisher is a separate check.
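The practical check that follows from this case, as an added example and not code from the article or from any of the projects it mentions: accept a Windows binary only if its Authenticode signature is valid and the signer's subject names the publisher you expect, rather than any subject a CA was willing to issue a certificate to. The path, the expected publisher string and the output layout are assumptions for illustration.

```powershell
# Added example, not from the original article. Verifies that a signed binary's
# signer is the publisher you expect, not merely "some certificate a CA trusts".
function Test-ExpectedSigner {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher   # assumed CN text, e.g. 'Outertech'
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Step 1: the signature itself must verify and chain to a trusted root.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path   = $Path
            Result = 'REJECT'
            Reason = "signature status is '$($sig.Status)'"
        }
    }

    $subject = $sig.SignerCertificate.Subject
    $issuer  = $sig.SignerCertificate.Issuer

    # Step 2: a valid chain (here via a Comodo-issued certificate) only says the CA
    # vetted the subject; it does not say the subject is this product's vendor.
    $expectedCn = 'CN=\s*' + [regex]::Escape($ExpectedPublisher) + '\b'
    if ($subject -notmatch $expectedCn) {
        return [pscustomobject]@{
            Path   = $Path
            Result = 'REJECT'
            Reason = "signer '$subject' (issued by '$issuer') is not the expected publisher '$ExpectedPublisher'"
        }
    }

    # Step 3: record the hash so the sample can be looked up on VirusTotal if needed.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    return [pscustomobject]@{
        Path   = $Path
        Result = 'ACCEPT'
        Reason = "signed by '$subject' via '$issuer'; SHA256 $hash"
    }
}

# Usage (the path is a hypothetical download location):
Test-ExpectedSigner -Path 'C:\Downloads\bookmark_manager_setup.exe' -ExpectedPublisher 'Outertech'
```

Against the sample described above, the first step would pass (the Comodo certificate was genuine) and the second would fail, because the subject reads ‘Jagdeependra’ rather than Outertech. Matching on the subject CN is deliberately strict; organisations that pin publishers by certificate thumbprint instead can compare `$sig.SignerCertificate.Thumbprint` against an allow-list in the same place.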
FinFisher is a cross-platform tool that can infect computers and smartphones so that police and intelligence agencies can spy on political dissidents, journalists and other targets. The company behind it has previously defended its technology as “powerful tools in the fight against sophisticated groups involved in terrorism and organised crime” that “provides the capacity for the law enforcement agencies carefully to monitor and control the extent of any investigation and provides a comprehensive activity log for the entire operation”.
Detekt is a tool designed to spot surveillance software, developed by Amnesty International, the Electronic Frontier Foundation, Privacy International and Digitale Gesellschaft, although questions have been asked about its capability.
Tomer Weingarten, CEO of SentinelOne, told IT Security Guru that there were several similarities between FinFisher and Regin.
He said: “The fact that Regin is a highly modular and ‘all-purpose’ platform indicates that it probably is commercially sold code like FinFisher. The variety of targets, locations and segments seen in the wild is also consistent with Regin being used by multiple actors, possibly small governments, for espionage.”