Use of FinFisher spy kit in Bahrain exposed

The FinFisher surveillance software attained notoriety during the Arab Spring when protestors in Egypt stormed the Egyptian state security headquarters and found documents showing that state security was in talks with Gamma to purchase the software.

In addition, the Wall Street Journal uncovered in November that Gamma was sending fake iTunes updates in order to infect computers with its FinFisher software.

In a blog post, CitizenLab published an in-depth examination of software, supplied by Bloomberg News, that was being used to target Bahraini activists. CitizenLab concluded that it was a version of the FinFisher software known as FinSpy.

“We have linked a set of novel virtualised code obfuscation techniques in our Bahraini samples to another binary that communicates with Gamma International IP addresses. Taken alongside the explicit use of the name 'FinSpy' in debug strings found in infected processes, we suspect that the malware is the FinSpy remote intrusion tool. This evidence appears to be consistent with the theory that the dissidents in Bahrain who received these e-mails were targeted with the FinSpy tool, configured to exfiltrate their harvested information to servers in Bahraini IP space. If this is not the case, we invite Gamma International to explain”, CitizenLab researchers said.

Gamma International responded, telling Bloomberg News that it did not sell its FinFisher spyware to Bahrain. The company said it is investigating whether the software being used against the activists was a stolen demonstration copy.
 
