• About Us
    • Fact Checking Policy
    • Ownership & funding information
    • Volunteer
  • Subscribe
  • Letter submission
    • Submissions Policy
  • Contact Us
The Online Citizen Asia
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
The Online Citizen Asia
No Result
View All Result

FinSpy strikes again: New versions for iOS and Android targeted surveillance revealed

by Stephen Netto
11/07/2019
in Tech
Reading Time: 3 mins read
0

In a press release earlier today (11 July), Kaspersky revealed that its experts have uncovered new versions of the advanced malicious surveillance tool ‘FinSpy’. The new implants work on both iOS and Android devices, can monitor activity on almost all popular messaging services, including encrypted ones, and hide their traces better than before.

The basic functionality of the malware includes almost unlimited monitoring of the device’s activities: such as geolocation, all incoming and outgoing messages, contacts, media stored on the device, and data from popular messaging services like WhatsApp, Facebook messenger or Viber. All the exfiltrated data is transferred to the attacker via SMS messages or the HTTP protocol.

The latest known versions of the malware extend the surveillance functionality to additional messaging services, including those considered ‘secure’, such as Telegram, Signal or Threema. They are also more adept at covering their tracks, noted Kaspersky.

For instance, the iOS malware, targeting iOS 11 and older versions can now hide signs of jailbreak, while the new version for Android contains an exploit capable of gaining root privileges – almost unlimited, complete access to all files and commands – on an unrooted device.

Based on the information available to Kaspersky, in order to successfully infect both Android and iOS-based devices, attackers need either physical access to the phone or an already jailbroken/rooted device. For jailbroken/rooted phones there are at least three possible infection vectors: SMS message, email, or push notifications.

According to Kaspersky telemetry, several dozen mobile devices have been infected over the past year.

“The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly change their malicious programs to avoid their operation being blocked by fixes. Moreover, they follow trends and implement functionality to exfiltrate data from applications that are currently popular,” said Alexey Firsh, security researcher at Kaspersky Lab.

“We observe victims of the FinSpy implants on a daily basis, so it’s worth keeping an eye on the latest platform updates and install them as soon as they are released. Because, regardless of how secure the apps you use might be, and how protected your data, once the phone is rooted or jailbroken, it is wide open to spying,” he added.

To avoid falling victim to FinSpy, Kaspersky researchers suggest users to practise the following measures:

  • Do not leave your smartphone or tablet unlocked and always make sure nobody is able to see your pin-code when you enter it.
  • Do not jailbreak or root your device since it will make an attacker’s job easier.
  • Only install mobile applications from official app stores, such as Google Play.
  • Do not follow suspicious links sent to you from unknown numbers.
  • In your device settings, block the installation of programs from unknown sources.
  • Avoid disclosing the password or passcode to your mobile device, even with someone you trust.
  • Never store unfamiliar files or applications on your device, as they could harm your privacy.
  • Download a proven security solution for mobile devices, such as Kaspersky Internet Security for Android.

For the full report, click here.

For just US$7.50 a month, sign up as a subscriber on The Online Citizen Asia (and enjoy ads-free experience on our site) to support our mission to transform TOC into an alternative mainstream press.
Tags: FinSpySurveillance

Related Posts

MHA’s tech agency awards limited tender of S$17.8m to Israeli company selling “phone hacking” software and devices
Singapore

MHA’s tech agency awards limited tender of S$17.8m to Israeli company selling “phone hacking” software and devices

24/12/2022
Current Affairs

Upgraded German surveillance malware FinSpy purchased by Singapore company closely linked with govt

12/07/2019
Opinion

“Health records” hacking: “Protection” vs “Surveillance”?

23/07/2018
Legislation

At what cost of citizen’s privacy, comes their freedom and security

12/05/2016
Current Affairs

Private company’s silence on alleged purchase of surveillance malware

25/09/2014
Current Affairs

“Weaponised German surveillance malware” purchased by S’pore company: Wikileaks

15/09/2014
Subscribe
Connect withD
Login
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Notify of
Connect withD
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
0 Comments
Inline Feedbacks
View all comments

Latest posts

Peru Congress rejects president’s plan for early elections

Peru Congress rejects president’s plan for early elections

28/01/2023
UMNO purging members as it sacks former health minister Khairy and suspended ex-defence minister Hishammuddin

UMNO purging members as it sacks former health minister Khairy and suspended ex-defence minister Hishammuddin

28/01/2023
WHO panel in talks on COVID emergency status

WHO panel in talks on COVID emergency status

27/01/2023

Two years after Myanmar coup, UN says situation ‘catastrophic’

27/01/2023
Grab driver supposedly earned $5,227.82 in a week prior CNY, netizens voice worries over his health

Grab driver supposedly earned $5,227.82 in a week prior CNY, netizens voice worries over his health

27/01/2023
Philippines to appeal ICC resumption of drug war probe

ICC grants new inquiry into Manila’s deadly ‘war on drugs’

27/01/2023
Minister refutes claims of Malaysia consulting Singapore on housing policy due to its inefficient civil service

Minister refutes claims of Malaysia consulting Singapore on housing policy due to its inefficient civil service

27/01/2023
457 civil society organizations call on ASEAN to move beyond the Five-Point Consensus

Myanmar junta sets out tough new rules for political parties

27/01/2023

Trending posts

Two Indian nationals paid about S$330 and S$730 respectively for forged certificates submitted in their S-Pass application

MOM found issuing EPs meant for foreign PMETs to PRC waitress and general worker

by Correspondent
26/01/2023
36

...

Ho Ching breaks silence over Temasek’s write down of its US$275 million investment in FTX, says it “can afford to be contrarian”

US regulator questions VCs’ due diligence work prior to investing in FTX; Ho Ching says Temasek can afford to be contrarian

by The Online Citizen
24/01/2023
28

...

Earning only S$400 a month, delivery-rider turned hawker threw in the towel after two years of running a rojak stall

Earning only S$400 a month, delivery-rider turned hawker threw in the towel after two years of running a rojak stall

by Yee Loon
26/01/2023
23

...

Indian rupee falls 60% since signing of CECA while Singapore becomes top investor in India

by Correspondent
25/01/2023
55

...

Temasek and GIC reportedly in talks with Adani Group accused of “brazen” market manipulation and accounting fraud

Temasek and GIC reportedly in talks with Adani Group accused of “brazen” market manipulation and accounting fraud

by The Online Citizen
26/01/2023
46

...

FinSpy strikes again: New versions for iOS and Android targeted surveillance revealed

by Stephen Netto
11/07/2019
0

...

July 2019
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031  
« Jun   Aug »
  • About Us
  • Subscribe
  • Letter submission
  • Contact Us

© 2006 - 2021 The Online Citizen

No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Comments
  • Current Affairs
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Civil Society
    • Arts & Culture
    • Consumer Watch
    • NGO
  • Politics
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
  • Lifestyle
    • Travel
  • Subscribers login

© 2006 - 2021 The Online Citizen

wpDiscuz