[German]Microsoft has built-in detection of the spyware Finfisher in Windows Defender ATP. This should make it harder for government agencies and their Trojans to spy on Windows users.
What is Finfisher?
FinFisher (or FinSpy) is an surveillance software for PCs and smartphones developed and distributed by the British-German company FinFisher GmbH, based in Munich – part of the Gamma Group (see). The Trojan horse will be delivered to state actors to enable surveillance.
The malware is distributed to the users’ systems in harmlessly looking (word) files. In September 2017 I had reported about such a campaign. A problem for organizations and companies is to recognize an attack with a FinFisher Trojan.
Microsofts Windows Defender ATP detects Finfisher
Microsoft says, that it’s analyzed the infamous Spyware FinFisher. The goal was to develop new ways to detect spyware and protect Windows and Office users. FinFisher is probably a complex spyware for monitoring users, which uses many tricks to avoid being detected.
(Finfisher attack model, Source: Microsoft)
Microsoft has developed special methods to crack finfishers and understand their attacking techniques, as well as checking the effectiveness of Office 365 ATP Detonation Sandbox, Windows Defender Advanced Threat Protection (Windows Defender ATP) generic detection and other Microsoft security solutions. The Microsoft article here shows that the spyware is probably detected with machine learning in Windows Defender ATP of Windows 10. (via)