New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit

Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit that leverages a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis.

Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset for Windows, macOS, and Linux developed by Anglo-German firm Gamma International and supplied exclusively to law enforcement and intelligence agencies. But like with NSO Group’s Pegasus, the software has also been used to spy on Bahraini activists in the past allegedly and delivered as part of spear-phishing campaigns in September 2017.

Full article

Scroll to Top