Saturday, April 13, 2024

Around 7 Countries ISP Maybe Supporting Hackers in the Distribution of FinFisher Spyware

Security experts spotted a new malware campaign of well know Spyware FinFisher also called FinSpy spreading through Internet Service Providers (ISPs).

FinSpy comes with extend capabilities such as surveillance through webcams and microphones, keylogging, and exfiltration of files. It is famous for various campaigns like spearphishing, Physical access, Waterhole attacks and Spearphishing attacks.

Also Read Now Any One Can Create Ransomware With No Coding Skills

What’s New in this Campaign

Security experts say Attackers may use MitM attack Over ISPs level to distribute the FinFisher spyware also called FinSpy. They noticed the campaign in 7 countries and the Vector being used in Two countries.Also, they said we cannot name them so as not to put anyone in danger.

Some of the famous application used in the attack WhatsApp, Skype, Avast, WinRAR, VLC Player and some others. By the way, any application can be misused in the same way.

So How this Method Work

Let’s consider user searching for anyone compromised software on the legitimate website, after clicking the download button instead of the legitimate link, a modified link will be supplied which downloads the trojan embedded package from attacker server which installs FinFisher spyware also.

Redirection achieved at ISP level to change the legitimate URL to malicious URL by using HTTP 307 Temporary redirect status code.

According to the geographic distribution of ESET’s discovery of recent FinFisher variants implies the MitM attack is occurring at a higher level – an ISP arises as the most feasible option.

ESET researchers assumptions match to leaked documents published by Wikileaks the FinFisher offered by “FinFly ISP” to be deployed on ISP networks with capabilities matching those necessary for performing such a MitM attack.

Second, the infection technique (using the HTTP 307 redirect) is implemented in the very same way in both of the affected countries.


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles