New Variants of Cross-platform FinSpy Now Target Mac and Linux Users

FinSpy, a full-fledged commercial spyware suite developed by Munich-based company FinFisher GmbH, has turned the heads of security researchers once again. Often used by law enforcement and government agencies around the world since 2011, this tool has now been enhanced to target Mac and Linux users, making it truly cross-platform across all major operating systems on the market.

Latest discovery


Recently, Amnesty International researchers observed several FinSpy campaigns targeting macOS and Linux users in Egypt. The Windows, Android, and iOS variants have already been available for quite some time.
The new FinSpy variants have been used to target Egyptian human rights defenders, media, and civil society organizations.
The newly discovered variants of FinSpy include Jabuka.app for Mac OS and PDF for Linux, both disclosed for the first time. 
These newer versions were seen exploiting a bug in Mac OS X versions before 10.9 (fixed in 2013 or 2014) and using a Python exploit for CVE-2015-5889 (which targets Apple OS X before 10.11).
Researchers also discovered the enhanced variants for Windows (wrar571.exe) and Android (WIFI.apk) that were generated between April 2019 and November 2019.

Decade-old connection with the Egyptian regime


Investigators had found that Egypt's state security apparatus was involved in contracts with Gamma International UK Ltd for the sale of FinSpy almost one decade ago, in 2011.
Since its first discovery, FinSpy has been used to target human rights defenders (HRDs) and civil society in many countries, including Bahrain (2012), Ethiopia (2014), and Turkey (2018).
A ..