This talk by Filip Kafka (ESET) was given at VB2017 in Madrid, Spain. The infamous spyware FinSpy continues to be in active use in 2017, despite the fact that a lot of security experts have been monitoring the threat. In order to avoid detection and remain in the multi-million-dollar business, the malware authors have continued active development of the malware. On top of having received technical improvements, the latest variant uses a cunning new infection vector. In some of the cases observed by ESET researchers, Internet service providers (ISPs) seem to be involved in the infection process. The attack starts when a user – a potential surveillance target of interest – wants to download and install one of several popular applications from their legitimate – and in some cases official – websites. Applications such as WhatsApp, Skype, Avast Free Antivirus, WinRAR, VLC Player, Opera, as well as specialized software particularly used by selected groups of interest, have been abused. After cl