New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

Jun 01, 2023Ravie LakshmananMobile Security / APT

A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019.

“The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data,” Kaspersky said.

The Russian cybersecurity company said it discovered traces of compromise after creating offline backups of the targeted devices.

The attack chain begins with the iOS device receiving a message via iMessage that contains an attachment bearing the exploit.

The exploit is said to be zero-click, meaning the receipt of the message triggers the vulnerability without requiring any user interaction in order to achieve code execution.


🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

It’s also configured to retrieve additional payloads for privilege escalation and drop a final stage malware from a remote server that Kaspersky described as a “fully-featured APT platform.”

The implant, which runs with root privileges, is capable of harvesting sensitive information and equipped to run code downloaded as plugin modules from the server.

In the final phase, both the initial message and the exploit in the attachment are deleted to erase any traces of the infection.

“The malicious toolset does not support persistence, most likely due to the limitations of the [operating system],” Kaspersky said. “The timelines of multiple devices indicate that they may be reinfected after rebooting.”

The exact scale and scope of the campaign remains unclear, but the company said the attacks are ongoing, with successful infections penetrating devices running iOS 15.7, which was released on September 12, 2022.

It’s currently also not known if the attacks are taking advantage of a zero-day vulnerability in iOS. The Hacker News has reached out to Apple for further comment, and we will update the story if we hear back.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Cyber Security

Articles You May Like

How GlobalFoundries aims to remain world’s third-biggest semiconductor foundry
Moto E13 Now Available in Sky Blue Colour Variant in India
Meta Smart Glasses in Collaboration With Ray-Ban Launched, Allows Hands-Free Livestreaming
Pixel Watch 2 Coming to India: Here’s Why Google Skipped the First Watch
Apple Vision Pro Low-Cost Version Might Be Cancelled, Second Headset Won’t Arrive for Few Years: Ming-Chi Kuo

Leave a Reply

Your email address will not be published. Required fields are marked *