Kaspersky identifies new malware campaign targeting iOS devices
June 5, 2023345 views0 comments
By Cynthia Ezekwe
Kaspersky Lab, a multinational cybersecurity and anti-virus provider has unveiled an ongoing mobile Advanced Persistent Threat (APT) campaign targeting iOS devices with unknown malware.
The cybersecurity company headquartered in Moscow, Russia, made this known in its recent APT campaign report tagged tagged “Operation Triangulation,’’ noting that Kaspersky experts uncovered the new mobile APT campaign while monitoring the network traffic of its corporate Wi-Fi network using the Kaspersky Unified Monitoring and Analysis Platform (KUMA).
It added that upon further analysis, the company researchers discovered that the threat actor had been targeting iOS devices of dozens of company employees.
The cybersec company noted that the investigation of the malware attack is still ongoing, adding that the most recent version of the devices successfully targeted is iOS 15.7.
In light of the above, the researchers were able to identify specific artifacts that indicate the compromise, paving way to move the research forward, and identifying the general infection sequence.
“The target iOS device receives a message via the iMessage service, with an attachment containing an exploit.Without any user interaction, the message triggers a vulnerability that leads to code execution.The code within the exploit downloads several subsequent stages from the C&C server, that include additional exploits for privilege escalation.After successful exploitation, a final payload is downloaded from the C&C server, that is a fully-featured APT platform.The initial message and the exploit in the attachment is deleted,’’the report explained the sequence.
According to the report, the spyware quietly transmits private information to remote servers, including microphone recordings, photos from instant messengers, geolocation and data about a number of other activities of the owner of the infected device, while emphasising that all potential must be backed up and has to be processed by the Mobile Verification Toolkit (mvt-ios).
Commenting on the discovery,Igor Kuznetsov, head of Eastern Europe, Middle East, and Africa Unit at Kaspersky, said:
“When it comes to cyber security, even the most secure operating systems can be compromised. As APT actors are constantly evolving their tactics and searching for new weaknesses to exploit, businesses must prioritise the security of their systems.”
Kuznetsov noted that to ensure system security, organisations should prioritise employee education, and awareness and provide them with the latest threat intelligence and tools to effectively recognize and defend against potential threats.
He added that the company’s investigation of the triangulation operation continues, noting that further details on it would be shared as there could be other targets of the spy operation.