In a recent update, Microsoft Windows Defender has gained the ability to detect the FinFisher spyware and block it before it can do harm to your computer.
FinFisher is sold by Gamma Group, a European company that has come under scrutiny for selling the product to repressive regimes.
The spyware is marketed to law-enforcement agencies around the world. Some ISPs have even actively helped distribute it by steering targets to an attack site: when a targeted user tries to download one of several popular applications, the ISP injects a redirect that sends the download to the attack site instead. A network operator can only tamper with a download in this way when it travels over plain HTTP, which is one more reason to fetch installers over HTTPS and verify the publisher's signature before running them.
According to Microsoft’s researchers, FinFisher was built to be extremely difficult to analyse, which in their view places it in “a different category of malware”. One of its tricks is “spaghetti code”: control flow deliberately fragmented into scattered jumps so that disassemblers and decompilers produce unusable output. Another is a custom virtual machine: the malware’s real logic is compiled to bytecode for an interpreter embedded in the sample, so a static analyst sees only the interpreter loop rather than the behaviour it implements.
Still, with persistence they worked out its inner workings. Without going into detail, FinFisher relies on memory injection (writing its code into other processes and running it there), which Windows Defender can now detect and block.
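To make the detection side concrete, here is an added example (not Microsoft's detection logic and not code from the article) of how a defender can flag process injection in endpoint telemetry. It scans Sysmon-style JSON events: Event ID 8 (CreateRemoteThread) where the new thread starts at an address not backed by any loaded module, and Event ID 10 (ProcessAccess) where a process opens another with the write and create-thread rights injection needs. The field names match Sysmon's, but the sample events, the allowlist and the rule names are constructed for illustration.

```python
import json
from typing import Iterable, List, Optional

# Win32 process access rights that injection needs on the target (documented values).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Assumed allowlist: processes that create remote threads as part of normal Windows
# operation. Tune per environment; this list is not from the article.
BENIGN_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\lsass.exe",
}


def _norm(path: str) -> str:
    return path.strip().lower()


def check_event(ev: dict) -> Optional[dict]:
    """Return an alert for one Sysmon-style event, or None if it looks benign."""
    eid = ev.get("EventID")
    src = _norm(ev.get("SourceImage", ""))
    dst = _norm(ev.get("TargetImage", ""))
    if not src or not dst or src == dst or src in BENIGN_SOURCES:
        return None

    if eid == 8:  # CreateRemoteThread
        # A remote thread whose start address is not inside any loaded module is the
        # classic footprint of shellcode written into the target's memory.
        if not ev.get("StartModule"):
            return {"rule": "remote_thread_unbacked_start", "severity": "high",
                    "source": src, "target": dst, "start": ev.get("StartAddress")}
        return None

    if eid == 10:  # ProcessAccess; Sysmon logs GrantedAccess as hex text, e.g. "0x1FFFFF"
        granted = int(str(ev.get("GrantedAccess", "0x0")), 16)
        if granted & INJECT_MASK == INJECT_MASK:
            return {"rule": "handle_with_write_and_thread_rights", "severity": "medium",
                    "source": src, "target": dst, "granted": hex(granted)}
        return None

    return None


def scan(lines: Iterable[str]) -> List[dict]:
    """Run check_event over JSON-encoded events, skipping lines that do not parse."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = check_event(ev)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample telemetry (not real events), one JSON object per line.
SAMPLE_LOG = r"""
{"EventID": 8, "SourceImage": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe", "TargetImage": "C:\\Windows\\explorer.exe", "StartAddress": "0x000001F4C3A10000", "StartModule": "", "StartFunction": ""}
{"EventID": 8, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "StartAddress": "0x00007FFB1A2B3C40", "StartModule": "C:\\Windows\\System32\\ntdll.dll", "StartFunction": "LdrInitializeThunk"}
{"EventID": 10, "SourceImage": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe", "TargetImage": "C:\\Windows\\explorer.exe", "GrantedAccess": "0x1FFFFF"}
{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\Taskmgr.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "GrantedAccess": "0x1000"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe"}
this line is not JSON and is skipped
"""


def demo() -> List[dict]:
    return scan(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Both rules deliberately ignore same-process events and an allowlist of system processes, because CreateRemoteThread from csrss.exe and full-access handles from debuggers or antivirus engines are routine; the value is in the unbacked start address and in an unexpected source image, not in the API call alone.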
For those who want to dig in, Microsoft has published a list of the FinFisher VM’s “opcode handlers”, the routines that implement each instruction of its custom bytecode. According to Microsoft, the spyware is modular, with plugins that can be attached to the core. One plugin, for example, is designed to spy on internet connections, harvest data from encrypted traffic and divert SSL connections.
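The custom virtual machine and its opcode handlers mentioned above are easier to understand with a toy in hand. The following is an added example, not FinFisher's code and not Microsoft's published handler list: a tiny stack-based VM whose handler table dispatches on a made-up instruction set, a bytecode program that XOR-decrypts a payload entirely inside the VM, and the disassembler an analyst can write only after recovering what each handler does. The opcode values, memory layout, sample payload and key are all assumptions for illustration.

```python
from typing import Callable, Dict, List

# Toy instruction set, assumed for illustration; FinFisher's real opcodes differ.
OP_PUSH, OP_LOAD, OP_STORE, OP_LOADI, OP_STOREI = 0x10, 0x11, 0x12, 0x13, 0x14
OP_XOR, OP_SUB, OP_DUP, OP_JNZ, OP_HALT = 0x20, 0x21, 0x22, 0x30, 0xFF
HAS_IMM8 = {OP_PUSH, OP_LOAD, OP_STORE, OP_JNZ}  # opcodes followed by one operand byte
MNEMONICS = {OP_PUSH: "PUSH", OP_LOAD: "LOAD", OP_STORE: "STORE", OP_LOADI: "LOADI",
             OP_STOREI: "STOREI", OP_XOR: "XOR", OP_SUB: "SUB", OP_DUP: "DUP",
             OP_JNZ: "JNZ", OP_HALT: "HALT"}
COUNTER = 0x20  # data slot holding the loop counter; the payload lives below it


class ToyVM:
    """Stack machine: bytecode in `code`, a small data area in `mem`."""

    def __init__(self, code: bytes, data: bytes, mem_size: int = 64):
        self.code, self.mem = code, bytearray(mem_size)
        self.mem[:len(data)] = data
        self.stack: List[int] = []
        self.pc, self.running = 0, True
        # The opcode -> handler table. Every instruction of the hidden program runs
        # through one of these small routines, so native disassembly shows only the
        # interpreter; the real logic exists only as bytecode.
        self.handlers: Dict[int, Callable[[], None]] = {
            OP_PUSH: self.h_push, OP_LOAD: self.h_load, OP_STORE: self.h_store,
            OP_LOADI: self.h_loadi, OP_STOREI: self.h_storei, OP_XOR: self.h_xor,
            OP_SUB: self.h_sub, OP_DUP: self.h_dup, OP_JNZ: self.h_jnz, OP_HALT: self.h_halt,
        }

    def imm8(self) -> int:          # fetch one byte at pc and advance
        v = self.code[self.pc]
        self.pc += 1
        return v

    def h_push(self):   self.stack.append(self.imm8())
    def h_load(self):   self.stack.append(self.mem[self.imm8()])
    def h_store(self):  self.mem[self.imm8()] = self.stack.pop()
    def h_loadi(self):  self.stack.append(self.mem[self.stack.pop()])  # pop addr, push mem[addr]
    def h_storei(self):                                                # pop val, pop addr
        val, addr = self.stack.pop(), self.stack.pop()
        self.mem[addr] = val
    def h_xor(self):
        b, a = self.stack.pop(), self.stack.pop()
        self.stack.append(a ^ b)
    def h_sub(self):
        b, a = self.stack.pop(), self.stack.pop()
        self.stack.append((a - b) & 0xFF)
    def h_dup(self):    self.stack.append(self.stack[-1])
    def h_jnz(self):                                                   # pop cond; jump if != 0
        target = self.imm8()
        if self.stack.pop() != 0:
            self.pc = target
    def h_halt(self):   self.running = False

    def run(self, max_steps: int = 10_000) -> bytearray:
        steps = 0
        while self.running:
            steps += 1
            if steps > max_steps:
                raise RuntimeError("step limit exceeded")
            op = self.imm8()
            handler = self.handlers.get(op)
            if handler is None:
                raise ValueError(f"unknown opcode {op:#04x} at {self.pc - 1:#06x}")
            handler()
        return self.mem


def build_decrypt_program(key: int) -> bytes:
    """Bytecode for: do { i -= 1; mem[i] ^= key } while (i != 0); i starts at mem[COUNTER]."""
    loop = 0
    return bytes([
        OP_LOAD, COUNTER,                 # push i
        OP_PUSH, 1, OP_SUB,               # i - 1
        OP_DUP, OP_STORE, COUNTER,        # mem[COUNTER] = i - 1;   stack: [i]
        OP_DUP, OP_LOADI,                 #                         stack: [i, mem[i]]
        OP_PUSH, key, OP_XOR,             #                         stack: [i, mem[i] ^ key]
        OP_STOREI,                        # mem[i] = decrypted byte; stack: []
        OP_LOAD, COUNTER, OP_JNZ, loop,   # repeat while i != 0
        OP_HALT,
    ])


def vm_decrypt(ciphertext: bytes, key: int) -> bytes:
    """Decrypt inside the VM; the XOR loop never appears as native code."""
    if not 1 <= len(ciphertext) <= COUNTER:
        raise ValueError("payload must be 1..32 bytes for this toy memory layout")
    data = bytearray(COUNTER + 1)
    data[:len(ciphertext)] = ciphertext
    data[COUNTER] = len(ciphertext)
    mem = ToyVM(build_decrypt_program(key & 0xFF), bytes(data)).run()
    return bytes(mem[:len(ciphertext)])


def disassemble(code: bytes) -> List[str]:
    """Linear-sweep listing; possible only once each handler's semantics is known."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        name = MNEMONICS.get(op, f"DB {op:#04x}")
        if op in HAS_IMM8 and pc + 1 < len(code):
            out.append(f"{pc:04x}: {name} {code[pc + 1]:#04x}")
            pc += 2
        else:
            out.append(f"{pc:04x}: {name}")
            pc += 1
    return out


if __name__ == "__main__":
    KEY = 0x5A                                  # assumed key
    secret = b"hello, defender"                 # constructed sample payload
    blob = bytes(b ^ KEY for b in secret)       # what would sit in the binary
    print(vm_decrypt(blob, KEY))
    print("\n".join(disassemble(build_decrypt_program(KEY))))
```

The point of the exercise is the asymmetry: the author of the VM chooses the opcode numbering (and can reshuffle it per build), while the analyst has to recover the meaning of every handler before the bytecode can be disassembled at all. Microsoft publishing the handler list is what turns that work from a per-sample effort into a one-off.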