Kaspersky Labs has identified a new strain of malware

This new malware is spreading across the internet and is concerning. Called FinSpy, it specifically targets WhatsApp on both Android and iOS devices.  An analysis of the code reveals that the spyware was created by a German company called Gamma Group and that it is primarily used by state actors.

In other words, it's a serious piece of code, as is anything that's predominately used by governmental agencies. If this malware winds up on your device, it can collect a wide range of information and send it back to the owners of the code.

This information includes

  • SMS/MMS
  • Emails (including encrypted emails)
  • GPS location data
  • Photos
  • Files in memory
  • Phone call records
  • Messaging application data from Whatsapp, Telegram, Signa, Messenger, Viber, Threema, and BBM

If there's a silver lining to be found about FinSpy, it is the fact that in most cases, a hacker would need to gain physical access to your phone in order to install the malicious code.  The exception here is if you're using a rooted smartphone or a jailbroken iPhone.  In those cases, all the hacker needs to do to install FinSpy on your device is send you an email or simple push notification.

At present, there's no good way to prevent it, and no easy way to detect the malware if it finds its way onto your system.  Kaspersky Lab recommends avoiding opening suspicious links received via email or SMS and to protect your phone with a strong password.  Additionally, the company stresses the importance of regularly installing security updates. This is because of FinSpy benefits from security flaws found in older versions of both Android and iOS operating systems.

Our perspective

So far, the company reports that there have only been about a dozen confirmed FinSpy installations worldwide. That's good news indeed, but this is still a serious threat.

As Sgt. Phil Esterhaus always advised: "Hey, let's be careful out there!"

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association.