Called FinSpy, it specifically targets WhatsApp on both Android and iOS devices. An analysis of the code reveals that the spyware was created by a German company called Gamma Group, and that it is primarily used by state actors.
In other words, it’s a serious piece of code, as is anything that’s predominately used by governmental agencies. If this malware winds up on your device, it can collect a wide range of information and send it back to the owners of the code.
This information includes:
- Emails (including encrypted emails)
- GPS location data
- Files in memory
- Phone call records
- Messaging application data from Whatsapp, Telegram, Signa, Messenger, Viber, Threema and BBM
If there’s a silver lining to be found about FinSpy, it is the fact that in most cases, a hacker would need to gain physical access to your phone in order to install the malicious code. The exception here is if you’re using a rooted smartphone or a jailbroken iPhone. In those cases, all the hacker needs to do to install FinSpy on your device is send you an email or simple push notification.
At present, there’s no good way to prevent it, and no easy way to detect the malware if it finds its way onto your system. Kaspersky Lab recommends avoiding opening suspicious links received via email or SMS and to protect your phone with a strong password. Additionally, the company stresses the importance of regularly installing security updates. This is because FinSpy benefits from security flaws found in older versions of both Android and iOS operating systems.
So far, the company reports that there have only been about a dozen confirmed FinSpy installations worldwide. That’s good news indeed, but this is still a serious threat.