Malware distribution campaigns are increasing at a rapid speed all over the internet. Another fatal malware distribution has been tracked down by the security researchers. The distribution campaign is spreading one of the most infamous spyware, FinFisher also known as FinSpy.
It’s high time that the WhatsApp, Skype, Avast, WinRAR, and VLC Player users should check their software version and be sure that the version is the legitimate one. According to the security researchers legitimate downloads of several popular applications including WhatsApp, Skype, VLC Player, WinRAR and Avast have reportedly been compromised at the ISP level to distribute the spyware FinSpy.
FinFisher a.k.a FinSpy is surveillance software marketed by Lench IT Solutions, which markets the spyware through law enforcement channels. FinFisher can be covertly installed on targets' computers by exploiting security lapses in the update procedures of non-suspect software.
Researchers suspect that ISPs used the ability to control user traffic and redirect users attempting to download certain software to different link offering the same software.
These types of attacks involving a third party are called as Man-In-The-Middle Attack (MitM attack). The security researchers are pretty sure that ISPs were carrying out the MitM attacks because recent detections with FinFisher spyware in the two affected countries were spread over a wide geographical area and users could have not been the victims of a MitM attack carried out via local networks, such as Wifi hotspots. Furthermore, according to the leaked documents from Wikileaks show that the company that sells the infamous FinSpy also provides a package that can be installed at the ISP level.