<<< NEWS FROM THE LAB - Friday, August 30, 2013 >>> ARCHIVES | SEARCH FinFisher Range of Attack Tools Posted by Mikko @ 13:07 GMT FinFisher is a range of attack tools developed and sold by a company called Gamma Group.



Recently, some FinFisher sales brochures and presentations were leaked on the net. They contain many interesting details about these tools.



In the background part of the FinFisher presentation, they go on to explain how Gamma hired the (at-the-time) main developer of Backtrack Linux to build attack tools for Gamma. This is a reference to Martin Johannes M�nch. They also boast how their developers have presented at Black Hat and DEF CON.







The FinUSB tool is used to infect computers via a USB stick. "Can be used e.g. by housekeeping staff".







According to the documents, the FinIntrusion kit can be used to record Usernames and Passwords from wireless networks even if the sites use SSL:







They also highlight that FinIntrusion can be used to steal user's online banking credentials:







The FinFly backdoor (deployed from a USB drive) "can even infect switched off target systems when the hard disk is fully encrypted with TrueCrypt":







FinFly Web exploit can be used to do drive-by-infections and can be integrated by a local ISP to inject the module into Gmail or YouTube when the victim accesses those "trusted" sites:







Another mechanism to infect the victim is to have the victim's ISP automatically poison all of his downloads to include the malware. This can also be done by modifying automatic software updates.







Interestingly, the description of FinSpy Mobile specifically mentions they support Windows Phone. This is the first reference of any malware for Windows Phone we are aware of.













