Microsoft says it has cracked open the notorious FinFisher government spyware to design new ways to detect it and protect Windows and Office users. FinFisher is sold to law-enforcement agencies around the world and its maker, European firm Gamma Group, has been criticized for selling it to repressive regimes. Last year, researchers at FireEye discovered FinFisher being distributed in Word documents loaded with an attack for an Office zero-day targeting Russian-speaking victims. In some countries ISPs have also assisted FinFisher rollouts by redirecting targets to an attack site when they attempt to install popular apps.
Microsoft’s threat researchers say FinFisher’s level of anti-analysis protection puts it in a “different category of malware” and reveals the lengths its makers went to ensuring it remains hidden and hard to analyze. But after Microsoft’s reverse-engineering managed to unravel the malware, the company argues that Office 365 Advanced Threat Protection (ATP) is now more resistant to sandbox detection, while Windows Defender Advanced Threat Protection (ATP) anti-malware has improved detections for it.
Read more about how Microsoft has dismantled the government-grade FinFisher spyware to improve Windows and Office 365 defenses on ZDNet.