FinFisher


Posted: August 20, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 78
First Seen: August 20, 2012
OS(es) Affected: Windows

FinFisher is a spyware program that's marketed to various governments as a form of legal surveillance to prevent computer-related crimes. While FinFisher is ostensibly a benign product that's only used for law enforcement purposes, some copies of FinFisher have been compromised and used to steal valuable information, while other copies have been known to be used in dictatorships and other questionable regimes – most famously, during the rule of Egypt's Hosni Mubarak. iTunes users were very much at risk from earlier distributions of FinFisher, which exploited vulnerabilities in the iTunes installation routine to install itself. Although this vulnerability has been patched, the Gamma International Company is still selling FinFisher, and it can be assumed that other installation methods have been found.

FinFisher – the Government-Sponsored Spy with Nothing to Lose

FinFisher is installed without your permission through a variety of deceptive means. Past versions of FinFisher used an iTunes vulnerability that took Apple three years to fix – with neither explanations nor apologies from Apple forthcoming for this security lapse. As a law enforcement-tuned form of spyware, FinFisher is a highly sophisticated PC threat that can evade many brands of anti-malware scanners, break through data encryption (such as codes used to protect bank accounts and passwords), monitor various forms of communications (instant messengers, webcams, microphones, etc.) and use keylogging attacks to record typed information.

Malware analysts have also found instances of FinFisher being installed on publicly-available PCs such as the systems of Korea's ever-popular Internet cafes. Like any good spyware Trojan, FinFisher doesn't show symptoms of its many attacks, even though FinFisher allows network-based compromises of your PC's security and privacy as soon as FinFisher is installed.

FinFisher is also notable for its particular focus on Skype communication software and can monitor Skype-based calls, file transfers, normal text chats, video and even contact lists.

Keeping Out of the Way of the FinFisher Net

FinFisher's company, Gamma International, does monitor its users and shuts down illegal uses of FinFisher. However, these safeguards aren't guaranteed to work fast enough to prevent personal information from being stolen through unauthorized usage of FinFisher. Moreover, not all strictly-legal uses of FinFisher have been considered particularly benevolent, since FinFisher is also sold to totalitarian dictatorships and other governments of questionable standing, in addition to relatively trustworthy first world governments.

Despite its penchant for avoiding common detection methods, FinFisher should be removable by high-quality anti-malware programs. Nongovernment activist organizations that are dedicated to PC security and government surveillance issues, such as Wikileaks, can be considered good sources for new infection vectors by FinFisher and other forms of government-sponsored spyware. SpywareRemove.com malware analysts also suggest avoiding public PCs, such as library terminals, while you're conducting any form of confidential activities.

One Comment

  • Lin Fisher says:

    I have a level 6, detection count of 244. I frequent anti-establishment sites like Wikileaks. How do I remove this? When I go into RT, for instance, the page refreshes 2 or 3 times, which is suspicious. Norton antivirus doesn't pick anything up. I am a 70-year-old woman and not too savvy with electronics, so help with this would be necessary in order for me to accomplish this.