Implant FinSpy was able to read even the protected chat rooms in Telegram and WhatsApp

Kaspersky Lab has detected a new version of FinSpy spyware that can monitor all user’s actions on a mobile device.

The malware collects information from instant messengers using encryption, such as Telegram, WhatsApp, Signal and Threema. The FinSpy implant for iOS can hide traces of a jailbreak, and the Android version contains an exploit to get root permissions and execute commands on an unlocked device.

To install malware, you need physical access to the device or the possibility of infection through SMS messages, email or push notification if the device has been jailbroken or an older version of Android is being used.

FinSpy is actively used in targeted espionage, because an attacker can monitor the entire operation of a device. An attacker gains access to contacts, emails, SMS, calendar entries, GPS data, photos, saved files, voice call recordings and data from instant messengers, according to a detailed report.

Read also: Iranian APT group invades government networks with malware via vulnerability in Outlook

The creators of FinSpy constantly monitor new ways to protect mobile devices and quickly update their program. They also identify the most popular applications among potential victims for more successful information gathering.

“FinSpy is a spy program of the German company Gamma Group. Through its subsidiary, Gamma International, it sells its spyware to governments and law enforcement agencies around the world. Overall, use of FinSpy implants was recorded in about 20 countries. However, taking into account the size of the Gamma Group’s client base, it is likely that the real number of victims is much higher and the geography is much wider”, – reported in Kaspersky Lab.

Users are advised not to leave mobile devices unlocked, not to tell anyone password on it, install programs only from official app stores, not follow suspicious links from unknown numbers, block the ability to install programs from unknown sources, regularly check and immediately remove unknown apps, and also install reliable antivirus programs.