The spyware FinFisher is capable of surveillance through webcams and microphones, keylogging and exfiltration of data on an infected device.
Various delivery vectors are used including spear phishing, physical installation or by visiting compromised websites.
One notable infection vector is a Man-in-the-Middle (MitM) attack. When a user downloads a legitimate application, the request is redirected to an installation package hosted on the attacker’s server. When the download completes, the user receives both the legitimate application and the spyware on their device.
FinFisher has built-in anti-analysis protection which makes it difficult to detect. However, Microsoft has confirmed that Windows Defender Advanced Threat Protection can now detect and remediate FinFisher on users’ devices. In addition to MitM attacks, FinFisher can be installed by exploiting the CVE-2017-8759 vulnerability, which Microsoft patched in its September 2017 Patch Tuesday release.
Microsoft article on CVE-2017-8759 here
- Microsoft Windows – All versions