The latest version of a notorious spyware programme for mobile devices has been found in Myanmar, says Russian cybersecurity firm Kaspersky Lab.
Hacking malware FinSpy taps into messaging apps, including encrypted messengers such as Signal, Telegram, Facebook’s WhatsApp, China’s WeChat and BlackBerry Messenger, reported Kaspersky on Wednesday on its Secure List blog.
Developed by Anglo-German surveillance software developer Gamma Group, the spyware also tracks emails, photos, text messages and GPS data.
Kaspersky Lab analysts believe FinSpy is installed on a device through direct physical access to the device or by sending an SMS, email or push notification to the phone, especially if the phone is using an outdated version of the Google Android operating system.
In June, several dozen phones were infected in Myanmar, though the Moscow-based company suspects that number to be higher due to FinSpy’s popularity with government clients.
Gamma Group has said its software is only sold to governments to track terrorists and other criminals. The developer was hacked in 2014, which exposed its coding online for cybercriminals to use.
Magazine Technology Review wrote that governments around the world are turning to the booming private sector for their hacking abilities; some governments are using the tools to suppress dissidents and political opponents.
The reported detection of FinSpy in Myanmar comes amid an ongoing internet blackout across at least eight townships in Rakhine State and one in neighbouring Chin State as the Myanmar military battles ethnic armed group the Arakan Army.
Telenor Group said the government justified the measure, saying the internet was being used to "coordinate illegal activities."
But rights groups and UN officials fear the information block may be used as a cover for human rights abuses.