Cylance Protects Against Latest FINSPY Malware Attack

Wait, what????

Ok, I’ll admit – I made the “fangs a little bigger…” (Great Outdoors movie reference).

As noted in a recent FireEye blog post, researchers have discovered a malicious document in circulation that exploits CVE-2017-8759 to distribute FINSPY malware.

Details of Attack – Dropping FINSPY

This vulnerability is currently being exploited in the wild by a malicious document targeting Russian-speaking users. Once the user is tricked into opening the document, it executes scripts that install the malware on the system. While not new, FINSPY contains a number of surveillance tools that can then be used to conduct further attacks against systems.

CylancePROTECT® protects you from the effects of FINSPY. See our short demo video below:

VIDEO: CylancePROTECT vs. FINSPY Malware

One of the terms we use at Cylance is Temporal Predictive Advantage (TPA). It describes the fact that Cylance’s artificial intelligence (AI) models are able to predict that a file is malicious without ever having seen that specific sample before.

To demonstrate TPA, we commonly take an old version of our endpoint protection product, CylancePROTECT, install it on a system, throw the malware sample at it and see what happens – it’s actually a LOT of fun to play with malware like this.

This morning, I did just that. I wanted to see if an old version of CylancePROTECT could predict that this new sample was bad.

I downloaded a sample of the FINSPY malware from a public source. This sample was first submitted on August 21, 2017. I also noticed that a lot of other vendors could detect this malware – which is really good. But I wondered how many of them could’ve detected it

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by The Cylance Team.