|
Method of infection
The surveillance suite is installed after the target accepts installation of a fake update to commonly used software.[5] Code which will install the malware has also been detected in emails.[13] The software, which is designed to evade detection by anti-virus software, has versions which work on mobile phones of all major brands.[1]
A security flaw in Apple's iTunes allowed unauthorized third parties to use iTunes online update procedures to install unauthorized programs.[6][7] Gamma International offered presentations to government security officials at security software trade shows where they described to security officials how to covertly install the FinFisher spy software on suspect's computers using iTunes' update procedures.
The security flaw in iTunes that FinFisher is reported to have exploited was first described in 2008 by security software commentator Brian Krebs.[6][7][14] Apple did not patch the security flaw for more than three years, until November 2011. Apple officials have not offered an explanation as to why the flaw took so long to patch. Promotional videos used by the firm at trade shows which illustrate how to infect a computer with the surveillance suite were released by Wikileaks in December, 2011.[3]
|