Microsoft Defender can now spot Government-sponsored spyware



While Windows 10 has been described as spyware by many, Microsoft is pretty dedicated to being the only one having access to your data.

To that end, today the company announced that Windows Defender is now able to detect FinFisher, a form of spyware often used by law enforcement agencies around the world to spy on their citizens.

The spyware, sold by the European firm Gamma Group, is commonly delivered in a Word document and is quite sophisticated, using various techniques to evade sandboxing, debugging and emulation; Microsoft’s threat researchers say its anti-analysis techniques place it in a “different category of malware.”

The malware uses multiple virtual machines (custom bytecode interpreters that obfuscate its code, not hypervisor VMs), spaghetti code and six layers of protection, and it can detect when it is running in a sandbox, refusing to detonate in a controlled environment where it could be observed and analyzed.

They found the malware has a modular payload, including a plugin designed to spy on internet connections by diverting SSL connections so that data can be stolen from otherwise encrypted traffic.

Microsoft said the research has made the Office 365 Advanced Threat Protection (ATP) sandbox more resistant to the malware’s sandbox-detection tricks, while Windows Defender Advanced Threat Protection (ATP) anti-malware has improved detections for it.
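The sandbox detection described above and the sandbox hardening Microsoft mentions are two sides of the same check: the sample probes its environment and only runs its real payload when nothing looks like an analysis box, so a naive sandbox reports a benign verdict. The following is an added example, not code from Microsoft, Gamma Group or FinFisher; the checks, thresholds, MAC prefixes and process names are generic assumptions about this class of malware, not FinFisher’s actual logic. It models the probing, then shows a hardened sandbox profile on which every probe returns a real-user-looking answer.

```python
"""Sandbox-detection heuristics of the kind anti-analysis malware runs before
detonating, plus a hardened sandbox profile that defeats them.
Added example: not Microsoft's, Gamma Group's or FinFisher's code. The checks
and thresholds are generic assumptions, not FinFisher's actual logic."""
import os
import re
from dataclasses import dataclass, field
from typing import List


@dataclass
class HostProfile:
    """What a sample can observe about the machine it landed on."""
    cpu_count: int
    ram_gb: float
    uptime_s: float
    hypervisor_flag: bool            # CPUID 'hypervisor present' bit
    mac_addresses: List[str] = field(default_factory=list)
    process_names: List[str] = field(default_factory=list)


# OUI prefixes publicly registered to VMware, VirtualBox (Oracle) and Hyper-V.
VM_MAC_PREFIXES = ("00:05:69", "00:0c:29", "00:50:56", "08:00:27", "00:15:5d")
# Guest agents and analysis tools a sample might look for (assumed list).
ANALYSIS_PROCESSES = {"vmtoolsd", "vboxservice", "wireshark", "procmon", "x64dbg"}


def sandbox_indicators(p: HostProfile) -> List[str]:
    """Return the names of the checks that fired; an empty list means the host
    looks like an ordinary user machine."""
    hits = []
    if p.cpu_count < 2:
        hits.append("single_cpu")
    if p.ram_gb < 2.0:
        hits.append("low_ram")
    if p.uptime_s < 10 * 60:            # analysis VMs are often freshly restored
        hits.append("fresh_boot")
    if p.hypervisor_flag:
        hits.append("hypervisor_bit")
    if any(m.lower().startswith(VM_MAC_PREFIXES) for m in p.mac_addresses):
        hits.append("vm_mac_oui")
    if ANALYSIS_PROCESSES & {n.lower() for n in p.process_names}:
        hits.append("analysis_process")
    return hits


def would_detonate(p: HostProfile, tolerated_hits: int = 0) -> bool:
    """Model the malware's decision: run the payload only when (almost) nothing
    suggests a sandbox, so an analysis run sees only benign behaviour."""
    return len(sandbox_indicators(p)) <= tolerated_hits


def collect_linux_profile() -> HostProfile:
    """Best-effort real observation on Linux via /proc and /sys; missing files
    are tolerated so this also runs in minimal containers or on other OSes."""
    def read(path, default=""):
        try:
            with open(path) as f:
                return f.read()
        except OSError:
            return default

    def listdir(path):
        try:
            return os.listdir(path)
        except OSError:
            return []

    cpuinfo = read("/proc/cpuinfo")
    mem_kb = re.search(r"MemTotal:\s+(\d+)", read("/proc/meminfo"))
    uptime = read("/proc/uptime", "0").split()
    macs = [read(f"/sys/class/net/{dev}/address").strip() for dev in listdir("/sys/class/net")]
    procs = [read(f"/proc/{pid}/comm").strip() for pid in listdir("/proc") if pid.isdigit()]
    return HostProfile(
        cpu_count=os.cpu_count() or 1,
        ram_gb=int(mem_kb.group(1)) / (1024 ** 2) if mem_kb else 0.0,
        uptime_s=float(uptime[0]) if uptime else 0.0,
        hypervisor_flag=" hypervisor" in cpuinfo,   # the 'hypervisor' CPU flag
        mac_addresses=macs,
        process_names=procs,
    )


# Constructed profiles (not measurements): a naive analysis VM, and one hardened
# so that every check above returns what a real laptop would return.
NAIVE_SANDBOX = HostProfile(1, 1.0, 45, True, ["00:0c:29:aa:bb:cc"], ["vmtoolsd", "winword.exe"])
HARDENED_SANDBOX = HostProfile(4, 8.0, 3 * 24 * 3600, False, ["3c:22:fb:12:34:56"],
                               ["explorer.exe", "winword.exe"])

if __name__ == "__main__":
    for name, prof in [("naive", NAIVE_SANDBOX), ("hardened", HARDENED_SANDBOX),
                       ("this host", collect_linux_profile())]:
        print(f"{name:10} hits={sandbox_indicators(prof)} detonate={would_detonate(prof)}")
```

The naive profile trips all six checks, so the modelled sample never detonates and the sandbox sees nothing; the hardened profile trips none. Hardening an analysis sandbox is exactly this kind of work: giving the guest realistic CPU, memory, uptime and network identity and hiding the hypervisor bit and guest agents, so that a sample with these checks still runs its payload and produces the behaviour the sandbox needs to see.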

Gamma Group has been criticized for selling FinFisher to repressive regimes, and the malware appears to be used mainly in spear-phishing attacks targeted at a specific person, recently including Russian-speaking victims, sometimes with the aid of national ISPs that divert users to infected websites.

Read much more detail about Microsoft’s research here.

via ZDNet
