Files show capabilities of the package and list of prices

Aug 6, 2014 16:58 GMT

A set of files has been posted online, detailing the capabilities and features of the “FinFisher” spyware suite (also known as FinSpy), a package sold by a German company called Gamma Group to governments and law enforcement agencies.

The documentation was published through a Twitter account that purports to be from the company’s PR department; however, the account, operated by someone with the handle Phineas Fisher, is not affiliated with Gamma Group.

The information contained in the files is quite recent; the newest of them are dated April 14, 2014. These are release notes for FinSpyPC and FinSpyMobile 4.51.

For the mobile version of the spyware, various communication channels can be monitored (calls, short text messages, multimedia messages) and it allows access to stored data (address book). Moreover, it allows making silent calls in order to listen to the microphone remotely.

In another document, it is stated that FinFisher for PC bypasses the detection of almost 40 regularly tested antivirus systems.

It is unclear which antivirus solutions the spyware was tested against, but a tweet from Phineas Fisher (@GammaGroupPR) on August 3 showed that Avast’s product could detect its presence on an infected system.

An update to the desktop version released in April included modifications that allowed the rootkit component to evade security solutions such as those from Avast and Microsoft Security Essentials.

Another change referred to the Skype module of the malware: “make the appropriate modifications to avoid the popup Skype brings when the Trojan Skype module injects code into Skype.”

A list of limitations is also available, and it appears that the modern version (Metro) of Skype is not supported on Windows 8. However, the date of the document is April 14, 2014, and there is a high chance that Gamma Group managed to develop an updated version that eliminates this restriction.

The tongue-in-cheek Twitter account offers links to a list of prices for the legal malware developed for governments. It seems that customers paid almost €1.5 / $2 million for the software package, while practical penetration testing costs reached €27,000 / $36,000.

Multiple services and packages are offered, and purchasing all of them could cost a customer close to €3 / $4 million.

The mock reason for creating the Twitter account and leaking the documents is that Gamma International ran out of governments to sell their spyware to and opened the sales to the public in order to continue their business.