NEWS FROM THE LAB - Friday, August 30, 2013
 
FinFisher Range of Attack Tools

Posted by Mikko @ 13:07 GMT

FinFisher is a range of attack tools developed and sold by a company called Gamma Group.

Recently, some FinFisher sales brochures and presentations were leaked on the net. They contain many interesting details about these tools.

The background section of the FinFisher presentation explains how Gamma hired the then-main developer of BackTrack Linux to build attack tools for the company. This is a reference to Martin Johannes Münch. They also boast that their developers have presented at Black Hat and DEF CON.

The FinUSB tool is used to infect computers via a USB stick. According to the brochure, it "Can be used e.g. by housekeeping staff".

According to the documents, the FinIntrusion kit can be used to record usernames and passwords from wireless networks even if the sites use SSL.

They also highlight that FinIntrusion can be used to steal users' online banking credentials.

The FinFly backdoor (deployed from a USB drive) "can even infect switched off target systems when the hard disk is fully encrypted with TrueCrypt".

The FinFly Web exploit can be used for drive-by infections, and a local ISP can integrate it to inject the module into Gmail or YouTube when the victim accesses those "trusted" sites.

Another infection mechanism is to have the victim's ISP automatically poison all of the victim's downloads to include the malware. This can also be done by modifying automatic software updates.

Interestingly, the description of FinSpy Mobile specifically mentions that it supports Windows Phone. This is the first reference to any malware for Windows Phone that we are aware of.
