Are you being watched?

FinFisher government spy tool found

hiding as WhatsApp and Skype


Malware used by intelligence agencies spotted in 7 countries, experts said.

Legitimate downloads of popular software including WhatsApp, Skype and VLC Player are allegedly being hacked at an internet service provider (ISP) level to spread an advanced form of surveillance software known as “FinFisher”, cybersecurity researchers warn.

FinFisher is sold to global governments and intelligence agencies and can be used to snoop on webcam feeds, keystrokes, microphones and web browsing. Documents, previously published by WikiLeaks, indicate that one tool called “FinFly ISP” may be linked to the case.

Iran’s hackers exposed: ‘APT33’ group, tied to destructive malware, seeks military secrets

The digital surveillance tools are peddled by an international firm called Gamma Group and have in the past been sold to repressive regimes including Bahrain, Egypt and the United Arab Emirates (UAE).

In March this year, the company attended a security conference sponsored by the UK Home Office.

This week (21 September), experts from cybersecurity firm Eset claimed that new FinFisher variants had been discovered in seven countries, two of which were being targeted by “man in the middle” (MitM) attacks at an ISP level – packaging real downloads with spyware.

Companies hit included WhatsApp, Skype, Avast, VLC Player and WinRAR, it said, adding that “virtually any application could be misused in this way.”

When a target of surveillance was downloading the software, they would be silently redirected to a version infected with FinFisher, research found.

When downloaded, the software would install as normal – but Eset found it would also be covertly bundled with the surveillance tool.

The stealthy infection process was described as being “invisible to the naked eye.”

The seven countries were not named for security reasons, Eset said. WhatsApp and VLC Player did not respond to request for comment by the time of publication.

A Microsoft spokesperson, referencing the Skype infections, told IBTimes UK: “Windows Defender antivirus cloud protection already automatically identifies and blocks the malware.

“For non-cloud customers, we’ve deployed signatures to protect against this in our free antivirus software,” the statement added.

An Avast spokesperson said: “Attackers will always focus on the most prominent targets.

“Wrapping official installers of legitimate apps with malware is not a new concept and we aren’t surprised to see the PC apps mentioned in this report.

“What’s new is that this seems to be happening at a higher level.

“We don’t know if the ISPs are in cooperation with the malware distributors or whether the ISPs’ infrastructure has been hijacked.”

The latest version of FinFisher was spotted with new customised code which kept it from being discovered, what Eset described as “tactical improvements.” Some tricks, it added, were aimed at compromising end-to-end (E2E) encryption software and known privacy tools.

One such application was Threema, a secure messaging service.

“The geographical dispersion of Eset’s detections of FinFisher variants suggests the MitM attack is happening at a higher level – an ISP arises as the most probable option,” the team said.

“One of the main implications of the discovery is that they decided to use the most effective infection method and that it actually isn’t hard to implement from a technical perspective,” Filip Kafka, a malware researcher at Eset, told IBTimes UK.

“Since we see have seen more infections than in the past surveillance campaigns, it seems that FinFisher is now more widely utilised in the monitoring of citizens in the affected countries.”

Anyone with any knowledge of these things let me know……


  1. Prepare for a strongly regulated internet. And of coarse new fees and taxes to battle against this kind of thing. I can remember when Trump said there was no privacy on the internet. Too bad the good guys aren’t using the same kind of methods to catch these people. Society doesn’t allow us to advance up from the sheep level where all of the predators can pick and choose their next victim. We have to trust our identity to others who just leave it where eventually security is lax and they can get in. And as usual we lose. Not the ones who demand it from us for what they say is our protection. In this world you can catch all of the good guys doing everything on the internet. But the bad guys are the ones who seem to have some kind of better security than we have. Equifax! I never told them anything about me and still, they know and archived everything about me. Now someone else did it to them and has it all. Equifax says they are sorry. Ahhhhh. But if they don’t have our info, Then they can’t tell others that you are credible. Such a play on words. How ironic. Makes you want to laugh silently a little but you throw up just a little instead. Many of those free games that you can download are chuck full of malware. Beware of the freebies. It all starts at that little box on the computer screen that says “allow”. When you press it for the download, God only knows what you are allowing inside of your once clean virgin computer.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.