Categories: HackingIntelligenceMalware

Disclosed 40 GB of data of FinFisher government spyware related to alleged Gamma hack

A Hacker claims to have hacked the network of Gamma International firm and he has leaked docs related to the malware-for-government FinFisher.

Earlier this week the British company Gamma International appears to have been hacked and a collection of files from its systems have been leaked on the Internet. The security firm is popular because it designs spyware applications for law enforcement agencies and government entities, its most popular solution is FinFisher, a spyware that is able to secretly spy on target computers intercepting communications, recording every keystroke and taking the complete control of the host.
The news of the clamorous hack was spread via Twitter and Reddit, the hacker who has posted it claims to have successfully infiltrated the network Gamma Internationa and has exposed 40GB of internal data which includes details on the diffusion of the surveillance system FinFisher.

“And that’s the end of the story until a couple days ago when I hacked in and made off with 40GB of data from Gamma’s networks. I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB Here’s a torrent of all the data. Please download and seed. Here’s a twitter feed where I’m posting some of the interesting stuff I find in there, starting off slow to build up rather than just publish all the worst shit at once.

I assumed the hacking would be the hard part and once I got the data it would just kinda go viral on it’s own or something. But it turn’s out without any media access or idea how that shit works, getting people to notice or care is actually kind of hard. Please share and seed the torrent!” is reported on the reddit post Gamma International Leaked.

The leaked documents include the source code of the Web Finfly solution, client lists, price lists, information about the effectiveness of Finfisher malware, user guide, tutorials and support documentation and many other documents.
The Register revealed that the cost for  the FinSpy solution is  1.4 million Euros, the price list details a lot of optional services offered by Gamma for FinFisher.

“A price list, which appeared to be a customers’ record, revealed the FinSpy program cost 1.4 million Euros and a variety of penetration testing training services priced at 27,000 Euros each. The document did not contain a date but it did show prices for malware targeting the recent iOS version 7 platform. Support costs ranged from 2218 Euros for USB malware support to 331,840 for fifth year support for FinSpy.” reports the Register.

The hacker has initially released the full package on Dropbox as a torrent file, in a short time it was spread on the Internet and several Tweets sent by security experts were referring with caution the event.
One of the documents, titled “FinFisher Products Extended Antivirus Test” and dated April 2014, provides an analysis of avoidance capabilities of FinFisher, listing the antivirus detection rates. FinFisher is able to elude the monitoring of principal 35 anti-virus products, evaluation that recognize the product ad very efficient surveillance tool.
The file dump includes many other characteristics of FinFisher, its rootkit component is able to avoid Microsoft Security Essentials but OS X Skype detect the presence of the malware showing a recording prompt to the victim.
According the document FinFisher is not able to spy on communications of Window 8 users, the dump reveals users should opt for the Metro version of Skype rather than the desktop client because it cannot be monitored by the spyware.
The leaked file includes a fake Adobe Flash Player updater, a Firefox plugin for RealPlayer and a detailed documentation for WhatsApp eavesdripping.

price list, which appeared to be a customers’ record, revealed the FinSpy program cost 1.4 million Euros and a variety of penetration testing training services priced at 27,000 Euros each,” the Reg. reported. “The document did not contain a date but it did show prices for malware targeting the recent iOS version 7 platform.”

Stay Tuned for more detailed info!

Pierluigi Paganini

(Security Affairs –  FinFisher, spyware)  

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Published by
Pierluigi Paganini
Tags: cyber espionageFinFisherGamma Internationallaw enforcementmalwareprivacyspyware
12 years ago

Recent Posts

Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best…

27 minutes ago

Fintech firm Figure disclosed data breach after employee phishing attack

Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an…

21 hours ago

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and…

22 hours ago

Suspected Russian hackers deploy CANFAIL malware against Ukraine

A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL…

1 day ago

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial…

2 days ago

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code…

2 days ago

This website uses cookies.