The applications we have seen being misused to spread FinFisher are WhatsApp, Skype, Avast, WinRAR, VLC Player and some others. It is important to note that virtually any application could be misused in this way.

We discovered these latest FinFisher variants in seven countries; unfortunately, we cannot name them so as not to put anyone in danger.


    I thought I’d point out VLC in particular since it’s been trending on Reddit and HN the past day, with the lead maintainer claiming to have refused large sums of money to put ads in the application.

    I also noticed VLC 2.2.6 is being sent out as a “security update” where, on Windows, it is being distributed by plain HTTP by default. So it’s no surprise that ISPs are taking advantage of this security hole.

    I’ve emailed their security team, although it appears the maintainer (jbk) is already aware that lack of HTTPS-by-default is a problem. But it is unclear whether he takes it seriously as an urgent issue that is already being used as an attack vector.
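As an added example (not part of the original post or the quoted report), here is one way a defender could look in web proxy logs for the exposure described above: installers and updates fetched over plain HTTP. The six-field log format, the sample lines and the `.example` hosts are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumed log format (constructed for this example, one request per line):
#   timestamp client method url status content_type
INSTALLER_EXTS = (".exe", ".msi", ".dmg", ".pkg")
INSTALLER_TYPES = {"application/x-msdownload", "application/x-msi",
                   "application/x-apple-diskimage"}

# Constructed sample lines; every host is a placeholder under .example.
SAMPLE_LOG = """\
2024-01-01T10:01:02Z 10.0.0.5 GET http://downloads.example/vlc/2.2.6/win32/vlc-2.2.6-win32.exe 200 application/x-msdownload
2024-01-01T10:01:09Z 10.0.0.6 GET https://downloads.example/vlc/2.2.6/win32/vlc-2.2.6-win32.exe 200 application/x-msdownload
2024-01-01T10:02:40Z 10.0.0.7 GET http://mirror.example/get?file=SETUP.EXE 200 application/octet-stream
2024-01-01T10:03:11Z 10.0.0.8 GET http://cdn.example/dl/4f2a 200 application/x-msdownload
2024-01-01T10:04:00Z 10.0.0.9 GET http://news.example/index.html 200 text/html
2024-01-01T10:05:30Z 10.0.0.9 CONNECT updates.example:443 200 -
malformed line
"""

def looks_like_installer(url, content_type):
    """True if the URL path, a query value, or the MIME type suggests an installer."""
    parts = urlsplit(url)
    names = [parts.path] + [value for _, value in parse_qsl(parts.query)]
    if any(name.lower().endswith(INSTALLER_EXTS) for name in names):
        return True
    return content_type.split(";")[0].strip().lower() in INSTALLER_TYPES

def cleartext_installer_downloads(log_text):
    """Return (timestamp, client, url) for installers fetched over plain HTTP."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # malformed or truncated line
        ts, client, method, url, status, ctype = fields
        if method != "GET" or not status.startswith("2"):
            continue  # CONNECT tunnels (HTTPS) and failed requests are out of scope
        if urlsplit(url).scheme.lower() != "http":
            continue  # only cleartext transfers can be swapped in transit unnoticed
        if looks_like_installer(url, ctype):
            findings.append((ts, client, url))
    return findings

if __name__ == "__main__":
    for ts, client, url in cleartext_installer_downloads(SAMPLE_LOG):
        print(f"{ts} {client} fetched an installer over cleartext HTTP: {url}")
```

Each match is a lead for checking the downloaded file's signature or hash against a value the vendor publishes over HTTPS.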