ESET's Filip Kafka wrote that the name was chosen because the software bore a strong resemblance to a package distributed by a malicious group known as StrongPity.
Back in September, ESET found a variant of the FinFisher spyware being spread in seven countries through legitimate applications like WhatsApp, Skype, Avast, WinRAR and VLC Player.
That campaign stopped a day after ESET reported on it, Kafka said. As in the earlier case, users trying to download a software installation package were being redirected to a fake website serving a trojanised version. The malware uses a man-in-the-middle attack to redirect users to the fake website.
The new surveillance software, StrongPity2, had been visible in two unnamed countries since 8 October.
It was "using the same (and very uncommon) structure of HTTP redirects to achieve 'on-the-fly' browser redirection, only this time distributing StrongPity2 instead of FinFisher," Kafka said.
"We analysed the new spyware and immediately noticed several similarities to malware allegedly operated by the StrongPity group in the past."
Other common software packages being trojanised by StrongPity2 are CCleaner, Driver Booster, Opera, and WinRAR 5.50.