Home Malware Programs Trojans Trojan:W32/FinSpy.D


Posted: May 7, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 131
First Seen: May 7, 2013
Last Seen: October 30, 2022
OS(es) Affected: Windows

Trojan:W32/FinSpy.D is a variant of FinSpy or FinFisher, a spyware program that is purchased for use, on a rental basis, by various governments and law enforcement entities as a citizen-monitoring solution. Trojan:W32/FinSpy.D keeps to FinSpy's history of heavy political involvement by using distribution methods that target PC users interested in finding information about the May 5th Malaysian elections, which install Trojan:W32/FinSpy.D through a malicious document file. Trojan:W32/FinSpy.D and similar forms of advanced spyware don't show many (if any) obvious symptoms of being installed, but are capable of stealing highly confidential information from infected PCs. Removing Trojan:W32/FinSpy.D should make use of equally competent anti-malware applications with proven histories of being able to uninstall even advanced forms of stealth malware.

Trojan:W32/FinSpy.D: a Recon Shark in the Waters of Malaysian Cyberspace

As a 'legal' model of covert PC surveillance that's been in use by various governments throughout the world, FinFisher continues to be a profitable enterprise with the latest evidence as Trojan:W32/FinSpy.D. Trojan:W32/FinSpy.D is targeted at Malaysians and individuals interested in Malaysian politics, with the installer for Trojan:W32/FinSpy.D taking the form of a specially-crafted DOC file that provides some information on the recent Malaysian elections. This document includes real text content, but also contains a hidden exploit that installs Trojan:W32/FinSpy.D as soon as you open the file with an unprotected PC.

Other regions that have been affected by other variants of FinFisher besides Trojan:W32/FinSpy.D include Ethiopia, Pakistan and Egypt among others. Major attacks that are linked to Trojan:W32/FinSpy.D infections can include:

  • Trojan:W32/FinSpy.D is updated to evade various anti-malware tools, although said tools also are updated to attempt to detect Trojan:W32/FinSpy.D, in a circular race that's common in many well-developed malware campaigns.
  • Trojan:W32/FinSpy.D monitors text input through a keylogging function and can steal any information that's input through your keyboard.
  • Trojan:W32/FinSpy.D also monitors information that's entered into vulnerable Web forms, such as password and login fields, for personal information such as your account sign data.
  • In some cases, Trojan:W32/FinSpy.D and other variants of FinSpy may disguise themselves as unrelated programs, such as the popular Firefox browser (an issue which already has garnered a Cease & Desist letter from Mozilla).
  • Trojan:W32/FinSpy.D also is capable of taking screenshots to capture data that's displayed on your monitor but not accessible through its form-grabbing or keylogging attacks.

Clearing the Waters of a State-Sponsored Spy

Trojan:W32/FinSpy.D is part of an ongoing and well-developed campaign headed by industry professionals and sponsored by well-funded government entities and isn't easy for casual PC users to detect or remove. SpywareRemove.com malware experts emphasize the need to keep all of your security software, including any anti-malware scanners, updated if you want to be able to detect Trojan:W32/FinSpy.D and other variants of FinSpy with the utmost accuracy.

Although Trojan:W32/FinSpy.D enjoys an unusual origin, Trojan:W32/FinSpy.D still should be considered the same as any other kind of malicious software: a dangerous and privacy-invading infection that should be removed as quickly as is manageable. Updated and robust anti-malware products should be able to remove Trojan:W32/FinSpy.D, but out-of-date security software may be inadequate for detecting Trojan:W32/FinSpy.D, given the professionalism of its development and maintenance team.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

Mime Type: unknown/doc
Group: Malware file