Trojan:W32/FinSpy.D

Trojan:W32/FinSpy.D is a variant of FinSpy or FinFisher, a spyware program that is purchased for use, on a rental basis, by various governments and law enforcement entities as a citizen-monitoring solution. Trojan:W32/FinSpy.D keeps to FinSpy's history of heavy political involvement by using distribution methods that target PC users interested in finding information about the May 5th Malaysian elections, which install Trojan:W32/FinSpy.D through a malicious document file. Trojan:W32/FinSpy.D and similar forms of advanced spyware don't show many (if any) obvious symptoms of being installed, but are capable of stealing highly confidential information from infected PCs. Removing Trojan:W32/FinSpy.D should make use of equally competent anti-malware applications with proven histories of being able to uninstall even advanced forms of stealth malware.

Trojan:W32/FinSpy.D: a Recon Shark in the Waters of Malaysian Cyberspace

As a 'legal' model of covert PC surveillance that's been in use by various governments throughout the world, FinFisher continues to be a profitable enterprise with the latest evidence as Trojan:W32/FinSpy.D. Trojan:W32/FinSpy.D is targeted at Malaysians and individuals interested in Malaysian politics, with the installer for Trojan:W32/FinSpy.D taking the form of a specially-crafted DOC file that provides some information on the recent Malaysian elections. This document includes real text content, but also contains a hidden exploit that installs Trojan:W32/FinSpy.D as soon as you open the file with an unprotected PC.

Other regions that have been affected by other variants of FinFisher besides Trojan:W32/FinSpy.D include Ethiopia, Pakistan and Egypt among others. Major attacks that are linked to Trojan:W32/FinSpy.D infections can include:

• Trojan:W32/FinSpy.D is updated to evade various anti-malware tools, although said tools also are updated to attempt to detect Trojan:W32/FinSpy.D, in a circular race that's common in many well-developed malware campaigns.
• Trojan:W32/FinSpy.D monitors text input through a keylogging function and can steal any information that's input through your keyboard.
• Trojan:W32/FinSpy.D also monitors information that's entered into vulnerable Web forms, such as password and login fields, for personal information such as your account sign data.
• In some cases, Trojan:W32/FinSpy.D and other variants of FinSpy may disguise themselves as unrelated programs, such as the popular Firefox browser (an issue which already has garnered a Cease & Desist letter from Mozilla).
• Trojan:W32/FinSpy.D also is capable of taking screenshots to capture data that's displayed on your monitor but not accessible through its form-grabbing or keylogging attacks.

Clearing the Waters of a State-Sponsored Spy

Trojan:W32/FinSpy.D is part of an ongoing and well-developed campaign headed by industry professionals and sponsored by well-funded government entities and isn't easy for casual PC users to detect or remove. SpywareRemove.com malware experts emphasize the need to keep all of your security software, including any anti-malware scanners, updated if you want to be able to detect Trojan:W32/FinSpy.D and other variants of FinSpy with the utmost accuracy.

Although Trojan:W32/FinSpy.D enjoys an unusual origin, Trojan:W32/FinSpy.D still should be considered the same as any other kind of malicious software: a dangerous and privacy-invading infection that should be removed as quickly as is manageable. Updated and robust anti-malware products should be able to remove Trojan:W32/FinSpy.D, but out-of-date security software may be inadequate for detecting Trojan:W32/FinSpy.D, given the professionalism of its development and maintenance team.

Technical Details