Finfisher is legitimate monitoring software thought to be used by governments to covertly obtain data.
But it can be installed unknowingly by computer users and is often disguised as an update to a well-known browser, such as Firefox.
The University of Toronto research group, The Citizen Lab, says it believes Finfisher servers are currently active in 36 countries, including Australia.
An excerpt from a report by the group released this week, titled For Their Eyes Only: The Commercialisation of Digital Spying, states:
The booby-trapped document embeds a copy of FinSpy that masquerades as legitimate Mozilla Firefox software.
This is not the first time that a FinSpy sample has used the "Mozilla Firefox" product name to masquerade as legitimate software.
Samples from the FinSpy campaign targeting Bahraini activists last year used an assembly manifest that impersonated Mozilla's Firefox browser.
In 2011, the BBC found documents in Egypt's state security building, which suggested Gamma International offered to supply Finfisher to the Egyptian government to monitor activists.
The company denied it did, but files seen by the BBC describe a five-month trial which included successful access to email accounts and the recording of encrypted Skype calls.
The Mozilla Foundation has now sent a cease and desist letter, warning Gamma International not to use the Firefox name as camouflage for the surveillance program.
"Our brand and trademarks are used by the spyware as a method to avoid detection and deletion," Mozilla chief privacy officer Alex Fowler said in a statement.
"As an open source project trusted by hundreds of millions of people around the world, defending Mozilla's trademarks from this abuse is vital to our brand, mission and continued success."