Did you know that one way configurations are pushed to the #ForcedMDM CarrierConfig process can CHANGE the running processes so as to maintain persistence?

Persistence is the GOAL for #ForcedMDM

Disrupt that process & no persistence for the #malware, fact.

#infosec by #infosec_jcp

One of the key attributes of #StateSponsoredMalware™ from #GammaGroup's #FinFisher #FinSpy #Finsky is understanding that it is a shim-based mishmash of resident files that point to different parts of the other background services running.

Some are replaced stock system files, modified to look like and named the same as the original, but supplemented with additional APIs that call the multiple shims whose main goal is getting complete persistence on your systems if it has not done so already.

🚩🚩🚩🚩One first sign is the battery drain this software uses. It has a weird side effect of NOT logging this battery usage like normal applications and the system do. 🚩🚩🚩🚩

⚠️🚨⚠️🚨⚠️🚨⚠️ 🚨⚠️🚨⚠️🚨
This BATTERY DRAIN is a HUGE
first indicator of compromise.
⚠️🚨⚠️🚨⚠️🚨⚠️🚨⚠️🚨⚠️🚨

Second is checking the BACKGROUND programs running list. There are SEVERAL background programs that indicate you have been compromised by GammaGroup's software, especially on #Android, #iOS, #MacOS, #Windows, & #Linux.

There are attaccc features also which spread, from a library of PNGs with URL arrays embedded to their #malware services that launch attaccc's based on certain PSTN calls, web browsing & also MMS & SMS interactions.

For example, receiving an SMS or MMS can activate things on your computer or wireless device to do things like start a running process shim like start or restart specific services.

There is also a #MITM #ForcedMDM & #proxying ability to use your end point as an attaccc node completely behind the scenes, without your intervention or knowledge unless you are logging your traffic, which could also be bypassed, as has been seen previously. That is on purpose.

Continued..... #infosec #GreyMarket #CALEA #malware #investigations #RTDNA ☣️🔍🧐

@sambowne

Sam, this reads like some malware on your mobile phone manipulating your app. Check your handset. SrsLY

Put a firewall 🔥 on your handset with full LogginG ON.

✓ Check if you have #ForcedMDM installed. ☣️

✓ Check for a list of proxies used, as this could be a MITM thing.

@clive @mmasnick @charliejane

They have _already_ done this for DECADES without oversight.... but are using #StateSponsoredMalware™ from #GammaGroup's #FinFisher #FinSpy #Finsky product line using #ForcedMDM and forced proxies for easy Fisher-Price #MITM #malware exploitation for #civilrights & #humanrights #abuse.

The history of this is just #cointelpro🤝#COPSProgram🤝#FusionCenters🤝#Meta with even WORSE #ChurchCommittee findings since the technology has progressed. Worse. Abuses. Ever.

Domestic TORTURE programs ✓

Whitelisted Financial Crimes ✓

Whitelisted Felons attacking targets & the LEOs and the NGOs ignore it ✓

Coordinated #GangStalking using homeless to attack people in their own home ✓

Coordinated break-ins, same as was the case with #Watergate ✓

Same Corruption but just more Pedophiles ✓

Same generational pedophile families ✓

#BadApples protecting the #BadApples ✓

Same Players running it until they are caught, again ✓

History Repeating ✓

Dumb Cult doing Dumb Cult shit ✓

Gaslighting, baby DARVO types ✓

Fascists gonna Fash to lose that fashcash ✓

This isn't new, just ignored and getting worse because of their sociopathy & confidence that they can do it without recourse....

Until... 乁| ･ 〰 ･ |ㄏ

Wait, isn't the order to pass the House _first_, legislation-wise, THEN the Senate? Hmmm. Odd.

Weekly reminder about the slavery software for #HumanRightsAbuse used by IA's & the PDs & the coordinated #GangStalkers at #Meta & ignored by #CitizenLab, #EFF & the #ACLU also used in conjunction with domestic physical nightly torture sessions of tap, tap, tap, tap, tap borrowed from Chinese Torture techniques.

Whitelisted felons like homeless #ZachariahCrocker & child groomer #AprilPage have been documented using this software at Meta for financial crimes, physical break-ins & coordinated harassment over 19+ yrs now, using fake accounts claiming to be their targets that they control, as has been documented on camera during the pandemic.

They were also documented stealing #USPS mail ( open cases with the US Postmaster General ) as well as #FedEx, & the local Police Department did nothing even with video evidence of the theft.

Home invasion case reported & covered up in case #21-144-0690 w/ #SJPD & got my RealID one month before it expired for fraud usage also & financial crimes on #Meta & Google Chat coordinated by Zachariah Crocker & April Page from Cisco Systems from 04/2020 - 11/2020 while I worked for #CiscoSystems HQ in Milpitas, CA. #AprilPage was my manager's manager. She shared the same landlord as I did, I found out, from their #BankOfAmerica monthly transactions to #ZhiZhang & #RenWaiYanZhang, whom they coordinated the break-ins with.

Multiple open cases with multiple agencies. Zero resolution.

#GammaGroup's #FinFisher #FinSpy #Finsky

#StateSponsoredMalware™ #ForcedMDM #SlaverySoftware #RTDNA #news #infosec

The ripple effect is just #ForcedMDM🤝🤖🤝#FreeWebHostingCulture🤝#investigations wrapping up with a #news blurb posting about more arrests at #Meta. 🔍🧐

@joxean @SwiftOnSecurity

The US version is

MarkovChain🤝#ForcedMDM🤝🤖🤝🧟‍♂️🔍🧐

One common thing #StateSponsoredMalware™ from #GammaGroup.com's #FinFisher #FinSpy #Finsky does is a downgrade attack on your encryption: using older protocols that are already compromised, using port 80 over port 443 on web browsers at logins, as well as replacing and utilizing different certificates with lower bits and easily broken ciphers, so that you still have a green lock on your browser.

Libraries of overlay icons have also been found to overlay and replace icons on each OS, mimicking icons that make you think you are using 'secure' settings for common communications programs.

This software is commonly used for investigation purposes, but it's been seen also primarily used as a financial crime tool in the South Eastern United States, in Red States attacking Blue States, since 2015 when its source code was hacked.

#infosec #SSM™ #GammaGroup #FinFisher #FinSpy #Finsky #CALEA #CALEAmalware™ #greymarket #financialcrimes #investigations #ForcedMDM #MITM

Here's the #standalonecomplex version

I have a comic #shark themed #meme update from the trend analysis I have been working on for the past 4+ yrs now that explains the behavior, literally, in #infosec terminology 🤭

🦈☣️👉☣️📳
#GammaGroup #FinFisher #FinSpy #Finsky #ForcedMDM
🦈☣️🦈☣️👉🦈👉☣️📳
