'FinSpy' Spyware Spoofs Mozilla Firefox Browser

Dennis Faas's picture

Mozilla is attempting to stop a British company from masking its spyware program as the Firefox Internet browser. Mozilla has reportedly sent a cease-and-desist letter to the firm.

Mozilla has sprung into action after learning from PC security researchers that a spyware program called FinSpy has been masquerading as the Firefox web browser.

The issue was discovered by Citizen Lab, a group of researchers associated with the University of Toronto's Munk School of Global Affairs.

FinSpy is just one part of a spyware toolset called FinFisher, which is produced by a British firm called Gamma International.

Program Used to Track, Investigate Criminal Activity

It's important to note that FinSpy isn't your typical spyware program -- in fact, it's often used by police and federal agents to examine a seized or targeted system.

However, one could argue that FinSpy isn't always used in an ethical way. Citizen Lab says the program has been found in developing countries with somewhat questionable human rights records. (Source: pcworld.com)

In fact, the program has reportedly been used to help silence disruptive activists.

Citizen Lab says it's found traces of FinSpy in Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria and Austria.

Mozilla Worried About Reputation

To give it an air of authenticity, FinSpy employs both Mozilla's trademark and code.

"The latest Malay-language sample masquerades as Mozilla Firefox in both file properties and in manifest," noted Citizen Lab researchers Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri and John Scott-Railton. (Source: pcworld.com)

"This behavior is similar to samples discussed in some of our previous reports, including a demo copy of the product, and samples targeting Bahraini activists."

Understandably, Firefox is very upset. The firm's director of privacy and policy, Alex Fowler, insisted that Mozilla takes such abuse of its trademark very seriously. Fowler says he recognizes that this activity seriously affects his company's reputation.

"We cannot abide a software company using our name to disguise online surveillance tools that can be -- and in several cases actually have been -- used by Gamma's customers to violate citizens' human rights and online privacy," Fowler said.

"Gamma's software is entirely separate, and only uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion." (Source: theregister.co.uk)

Gamma International has not yet responded to these claims.

Rate this article: 
No votes yet