A spying campaign targets iPhone users with a virus that doesn’t even require a click to infect the phone. The target only has to receive a message with a compromised attachment through iMessage for the dangerous file to start acting, making it possible to steal files and take full control of the smartphone.

The so-called Operation Triangulation, as it was named by security experts at Kaspersky, came to light when researchers from the company itself discovered they were infected with the virus. The attack takes advantage of a zero-day flaw in Apple devices, that is, one unknown even to the original developers.

Details of the vulnerability were not made public to prevent a larger string of scams, but it was clear that it was already in use by attackers when dozens of iPhones and iPads used by Kaspersky employees were infected. The private information collected by the spy virus includes images exchanged in messaging apps, microphone recordings, geolocation data and other records of activities performed on the devices.

On the victim's side, the infection is immediate: it happens as soon as the user receives an iMessage with a malicious attachment. There is no need to click links, download files or even open the message itself. The virus assumes administrator privileges and deletes its own tracks, while the attacker gains access to the device’s files.

According to Kaspersky’s evaluation, the infection does not allow lateral movement through networks to which the devices are connected, so the attack remains confined to the devices themselves. The security company reported that there was no compromise of sensitive data or systems involved in its operations.

The researchers also believe that they themselves are not the targets of this operation, which was discovered through monitoring of the corporate Wi-Fi network. The focus of espionage offensives like this one is often on dissidents, politicians, journalists, activists and other individuals involved in political issues, in attacks usually carried out by threat groups affiliated with nation states.

How to protect yourself from iPhone attacks?

While details of the flaw are not available and no update for iOS and iPadOS devices is forthcoming, Kaspersky has released technical indicators that can help detect compromise. The malicious domains used in the operation can also be blocked on the network to prevent data from being sent out even in case of infection, but unfortunately, at the time of publication, there is nothing the user can do to avoid being infected by the virus.

On the other hand, as Operation Triangulation was associated with very specific attacks against selected individuals, the number of people at risk is smaller. Still, users should pay attention to anomalous smartphone behavior, such as increased battery or data consumption, which may indicate improper background activity. Reviewing the security information also helps keep devices private.

Beyond that, the usual safety recommendations apply: take care when downloading applications, which must always come from recognized developers, and when accessing websites. Be aware of fraudulent domains and avoid clicking on links or accessing pages that arrive via text message, unless you are absolutely sure of the origin of these messages.

Source: Kaspersky

California18
