Gamma that it sells FinFisher according to export regulations of the U.K., U.S. and Germany. Nevertheless, once the spyware is released on the Internet, samples will likely end up in the hands of cybercriminals who could build their own versions.

"Now that FinFisher is in the public domain, every government the world over should assume that those who intend to seek and destroy or steal and manipulate will be studying the mechanics of how this application was designed and will undoubtedly develop more of its kind," Dennis Portney, president of Security Forensics, told

The malware is also expected to be particularly difficult to detect. "With the stealth nature of these types of spyware, it is hard to estimate the number or scope of their infection or deployment," Xuxian Jiang, an assistant professor and computer science researcher at North Carolina State University, said.

in CSOonline's Malware/Cybercrime section.