Recently Amnesty International researchers have observed several FinSpy campaigns targeting macOS and Linux users in Egypt. The Windows, Android, and iOS variants have already been available for quite some time.
The new FinSpy variants have been used for targeting the Egyptian human rights defenders and media and civil society organizations.
The newly discovered variants of FinSpy include Jabuka.app for Mac OS and PDF for Linux, both disclosed for the first time.
These newer versions were seen exploiting a bug in Mac OS X < 10.9 (fixed in 2013 or 2014) and Python exploit for CVE-2015-5889 (targets Apple OS X before 10.11).
Researchers also discovered the enhanced variants for Windows (wrar571.exe) and Android (WIFI.apk) that were generated between April 2019 and November 2019.
Decade-old connection with the Egyptian regime
Investigators had found the involvement of the Egypt's state security apparatus for contracts of the sale of FinSpy with Gamma International UK Ltd almost one decade ago, in 2011.
Since its first discovery, FinSpy has been used to target HRDs and civil society in many countries, including Bahrain (2012), Ethiopia (2014), and Turkey (2018).