New FinSpy Version Can Read Regular and Secret Chats in Secure Messengers

Kaspersky Lab has discovered a new version of the FinSpy spyware program, which is capable of monitoring all user activity on mobile devices. The malware collects information from messengers that use encryption, such as Telegram, WhatsApp, Signal, and Threema.

The FinSpy implant for iOS can hide traces of jailbreaking, while the Android version contains an exploit to gain superuser rights and execute commands even on non-rooted devices.

How FinSpy Infects Devices

To install the malicious software, physical access to the device is required, or infection can occur via SMS messages, email, or push notifications if the device has been jailbroken or is running an outdated version of Android.

FinSpy is actively used in targeted surveillance, as attackers can monitor all activity on the device. The attacker gains access to contacts, emails, SMS messages, calendar entries, GPS data, photos, saved files, call recordings, and data from messengers, according to a detailed report.

Continuous Updates and Targeting

The creators of FinSpy constantly monitor new mobile device protection methods and promptly update their program. They also identify the most popular apps among potential victims to collect information more effectively.

How to Protect Yourself

• Do not leave your mobile devices unlocked.
• Never share your device password with anyone.
• Only install apps from official app stores.
• Avoid clicking suspicious links from unknown numbers.
• Block the ability to install apps from unknown sources.
• Regularly check for and immediately remove unknown applications.
• Install reliable antivirus software.