FinFisher secretly monitors computers by turning on webcams, recording everything the user types with a keylogger, and intercepting Skype calls. It can also remotely take control of a computer. Gamma International Gmbh, a British company, sells the tool to law enforcement agencies and governments. As Slashdot reported, the first known analysis of FinFisher came from CitizenLabs.org in July.
Rapid7 researchers analyzed samples and then looked for those attributes in a global scan of computers on the Internet, and found matches in Australia, Czech Republic, United Arab Emirates, Ethiopia, Estonia, Indonesia, Latvia, Mongolia, Qatar, and the United States.
The matches simply indicate that these computers exhibit the "unique behavior associated with what is believed to be the FinFisher infrastructure," Claudio Guarnieri wrote in a blog post.
It's not known whether the US-based server identified by Guarnieri is associated with law enforcement or the federal government, or whether a private entity has gotten their hands on the tool.