
StrongPity2 spyware replaces the well-known FinFisher in MitM campaign – ISP involved?

Cyber Expertize commentary:

WeLiveSecurity reported that their researcher detected and named the spyware Win32/StrongPity2, which notably resembles one that was attributed to the infamous spyware known as FinSpy. The well-known spyware was sold to governments and their agencies worldwide. In campaigns with strong indicators of internet service provider (ISP) involvement, it had been replaced by different spyware called StrongPity. The free ESET Online Scanner will thoroughly clean systems compromised by StrongPity2.

As ESET reported in September, in campaigns detected in two different countries, man-in-the-middle (MitM) attacks had been used to spread FinFisher, with the “man” in both cases most likely operating at the ISP level. The first similarity is the attack scenario: users trying to download a software installation package were being redirected to a fake website serving a trojanized version of the expected installation package. The StrongPity group was observed performing such watering hole attacks in the summer of 2016, targeting mostly Italian and Belgian users of encryption software.

Read the article for more information.

StrongPity2 spyware replaces FinFisher in MitM campaign – ISP involved?

https://www.welivesecurity.com/2017/12/08/strongpity-like-spyware-replaces-finfisher/

As we reported in September, in campaigns we detected in two different countries, man-in-the-middle attacks had been used to spread FinFisher, with the “man” in both cases most likely operating at the ISP level.

Furthermore, the software packages trojanized with Win32/StrongPity2 are:

CCleaner v 5.34
Driver Booster
The Opera Browser
Skype
The VLC Media Player v2.2.6 (32bit)
WinRAR 5.50
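
The redirect scenario described above (a request for an installer answered with a redirect to a different site) can be hunted for in web-proxy logs. The following is an added example, not code from ESET or the original article; the log format, the host names and the allowlist are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

INSTALLER_EXT = (".exe", ".msi")

# Assumption: defender-curated map of vendor host -> hosts allowed to serve its
# installers. Every host name here is a placeholder, not a real vendor domain.
ALLOWED_TARGETS = {
    "vendor-a.example": {"vendor-a.example"},
    "vendor-b.example": {"vendor-b.example", "mirror-b.example"},
}

# Constructed proxy records (one JSON object per line); not data from the article.
SAMPLE_LOG = """
{"client":"10.0.0.5","url":"http://vendor-a.example/dl/setup.exe","status":302,"location":"http://cdn.vendor-a.example/dl/setup.exe"}
{"client":"10.0.0.7","url":"http://vendor-a.example/dl/setup.exe","status":307,"location":"http://vendor-a.example.dl-host.example/setup.exe"}
{"client":"10.0.0.8","url":"https://vendor-b.example/get/tool.msi","status":302,"location":"/files/tool.msi"}
{"client":"10.0.0.9","url":"https://vendor-b.example/news.html","status":301,"location":"https://other.example/news.html"}
{"client":"10.0.0.9","url":"https://vendor-b.example/get/tool.msi","status":302,"location":"https://files.unknown.example/tool.msi"}
"""

def host_allowed(host, allowed):
    # Exact match or true subdomain; a look-alike that merely contains the name fails.
    return any(host == a or host.endswith("." + a) for a in allowed)

def suspicious_redirects(log_text):
    """Return installer requests that were redirected to a host outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        req = urlsplit(rec["url"])
        if not req.path.lower().endswith(INSTALLER_EXT):
            continue  # only installer downloads are in scope
        if not 300 <= rec["status"] < 400 or not rec.get("location"):
            continue  # no redirect happened
        src = (req.hostname or "").lower()
        # A relative Location has no host and stays on the requested host.
        dst = (urlsplit(rec["location"]).hostname or src).lower()
        if not host_allowed(dst, ALLOWED_TARGETS.get(src, {src})):
            findings.append({"client": rec["client"], "requested": src,
                             "redirected_to": dst, "plaintext": req.scheme == "http"})
    return findings

if __name__ == "__main__":
    for f in suspicious_redirects(SAMPLE_LOG):
        print(f)
```

The `plaintext` field marks requests made over unencrypted HTTP, where a party on the network path can answer in place of the real server; those findings deserve priority when triaging.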
