Amnesty discovered previously unknown security gaps of the surveillance software Linux and macOS server. By publishing the details of its investigations, the program wants to support cybersecurity research and help cybersecurity providers develop protection for human rights against such attacks.
In the course of the investigations, researchers found further attacks by a group and discovered previously unknown versions for Linux and macOS on a server. However, the server is said to have been operated by a new, unknown group of cyber attackers. It is believed to be a state-backed group that has been active since last year.
The FinSpy For macOS Appeared On The Server
FinSpy malware that was used against various human rights groups and civil societies in Egypt was secured over a year ago. It was malware that attacked Windows systems. The attacks were carried out by a group called NilePhish, and the software came from a company called FinFisher. This is about spy malware that can attack Linux systems. But new samples that target Android systems were also discovered and analyzed.
FinFisher has long been involved in the production of malware, which is then sold to numerous state organizations. Officially, it is about law enforcement. However, the Trojan from Europe is also found in the hands of dictatorial governments, which suppress oppositionists in this way. Knowledge of the exact nature of the cyber attack helps to develop mechanisms; the knowledge gained is made available to other human rights groups accordingly.
There was also a FinSpy downloader for Windows and Android. While these downloaders for Windows have been documented for a long time, their existence for macOS was only assumed and not confirmed. As Amnesty further explains, the code of the macOS version of FinSpy is modular.