The company said the new versions worked on both iOS and Android devices, could monitor activity on most popular messaging services, including those that encrypt data, and hide their presence much better than before.
The one factor that is not in favour of the attackers is the fact that one either needs physical access to a device in order to infect it. In the case of a jailbroken or rooted device, infection can be done through SMS, email or push notifications.
FinSpy, which is also known as FinFisher, is spyware developed by the UK company Gamma Group International and marketed by Lench IT Solutions through law enforcement channels.
The new versions have added surveillance of messaging apps like Telegram, Signal and Threema. Additionally, FinSpy can now hide all sign of a jailbreak on an iOS device and also gain root on an Android device quite easily.
Back in September 2017, Nick FitzGerald, senior research fellow for Slovakian security firm ESET in the Asia-Pacific, told iTWire that a variant of FinSpy was being spread in seven countries through applications like WhatsApp, Skype, Avast, WinRAR and VLC Player.
This variant was said to be spreading through a man-in-the-middle method, with the disturbing factor being that the middle entity appeared to be an ISP in two of the countries.
The existence of FinSpy was revealed by WikiLeaks in 2014.
“The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly change their malicious programs to avoid their operation being blocked by fixes,” said Alexey Firsh, security researcher at Kaspersky.
“Moreover, they follow trends and implement functionality to exfiltrate data from applications that are currently popular.
"We observe victims of the FinSpy implants on a daily basis, so it’s worth keeping an eye on the latest platform updates and install them as soon as they are released. Regardless of how secure the apps you use might be, and how protected your data, once the phone is rooted or jailbroken, it is wide open to spying.”