How to Detect FinFisher Malware that Piggybacks Legitimate Software

Security researchers at ESET Security, the makers of the very popular ESET Internet Security, have discovered a nefarious surveillance campaign in which ISPs are also taking part. The campaign involves redirecting the download links of many popular software packages such as Skype, Avast Antivirus, WinRAR, WhatsApp, VLC Media Player and many more. The redirected links serve a software package modified so that it installs both the FinFisher malware and the intended legitimate software.

This is very similar to the recent CCleaner hack, in which the Piriform download servers were compromised and the download packages were replaced with malware-laced software. This resulted in over two million users worldwide installing the malware on their computers. The FinFisher malware campaign is not very different, except that the download servers are not compromised; instead, the ISPs redirect the download links to malicious ones. The report published by the ESET researchers does not make clear which ISPs were found to be redirecting the download links to the malware-loaded software packages.

ESET has identified the FinFisher malware as Win32/FinSpy.AA and Win32/FinSpy.AB. You can use the ESET Online Scanner to detect whether your PC is already infected with these or any other malware. The ESET Online Scanner is also able to clean the detected malware from your PC.


There are some simple ways to prevent this kind of man-in-the-middle attack. First of all, you should install good antivirus software to make sure that you do not get infected with any type of malware. Second, you should start using a secure VPN service so that your web traffic goes through the VPN tunnel, bypassing the attack attempts made by your ISP.
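
Because the campaign works by redirecting download links, a recorded redirect chain can also be checked directly. The following Python sketch is an added example, not code from ESET's report or from this article; it flags plaintext hops and redirects to hosts outside the vendor's domain. The function name, host names and sample chains are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_redirect_chain(start_url, hops, trusted_domains):
    """Walk a recorded redirect chain and report suspicious hops.

    hops: (status_code, Location header or None) pairs in the order received.
    Returns (final_url, findings), findings being (reason, url) tuples.
    """
    def trusted(host):
        return any(host == d or host.endswith("." + d) for d in trusted_domains)

    findings = []
    current = start_url
    if urlsplit(current).scheme != "https":
        # Without TLS, anyone on the network path can rewrite the response.
        findings.append(("plaintext-start", current))
    for status, location in hops:
        if status not in REDIRECT_CODES or not location:
            break  # chain ends at the first non-redirect response
        target = urljoin(current, location)  # Location may be relative
        parts = urlsplit(target)
        if parts.scheme != "https":
            findings.append(("plaintext-hop", target))
        if not trusted((parts.hostname or "").lower()):
            findings.append(("off-domain-hop", target))
        current = target
    return current, findings

# Constructed sample chains; all host names are placeholders.
TRUSTED = ("vendor.example",)
CLEAN = ("https://download.vendor.example/setup.exe",
         [(302, "/files/setup.exe"), (200, None)])
TAMPERED = ("http://download.vendor.example/setup.exe",
            [(307, "http://files.other-host.example/setup.exe"), (200, None)])

if __name__ == "__main__":
    for start, hops in (CLEAN, TAMPERED):
        final, findings = audit_redirect_chain(start, hops, TRUSTED)
        print(final, findings or "no findings")
```

A finding is a reason to stop and fetch the installer from the vendor's HTTPS site, not proof of tampering, since vendors do serve downloads from third-party hosts.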

You can find the FinFisher surveillance campaign report by ESET security at https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/.