Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews. Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews.
Antivirus provider Kaspersky has discovered a malware campaign targeting iPhones running up to iOS 15.7 via iMessage. Importantly, this zero-click/tap malware can be found and blocked. Kaspersky: ince it is

Antivirus provider Kaspersky has discovered a malware campaign targeting iPhones running up to iOS 15.7 via iMessage. Importantly, this zero-click/tap malware can be found and blocked.

bits

Kaspersky:

ince it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise.

We are calling this campaign “Operation Triangulation”, and all the related information we have on it will be collected on the Operation Triangulation page.

This allowed [us] to move the research forward, and to reconstruct the general infection sequence:

• The target iOS device receives a message via the iMessage service, with an attachment containing an exploit.
• Without any user interaction, the message triggers a vulnerability that leads to code execution.
• The code within the exploit downloads several subsequent stages from the C&C server, that include additional exploits for privilege escalation.
• After successful exploitation, a final payload is downloaded from the C&C server, that is a fully-featured APT platform.
• The initial message and the exploit in the attachment is deleted

The malicious toolset does not support persistence, most likely due to the limitations of the OS. The timelines of multiple devices indicate that they may be reinfected after rebooting. The oldest traces of infection that we discovered happened in 2019. As of the time of writing in June 2023, the attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.

The analysis of the final payload is not finished yet. The code is run with root privileges, implements a set of commands for collecting system and user information, and can run arbitrary code downloaded as plugin modules from the C&C server.

It is important to note, that, although the malware includes portions of code dedicated specifically to clear the traces of compromise, it is possible to reliably identify if the device was compromised. Furthermore, if a new device was set up by migrating user data from an older device, the iTunes backup of that device will contain the traces of compromise that happened to both devices, with correct timestamps.

MacDailyNews Take: In the full blog post, Kaspersky has a somewhat technical way to identify and strip to malware from backups, but, if your device allows, update to iOS 16.5 (released May 18, 2023) ASAP.

Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!

Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.

The post Zero-click iOS malware attack via iMessage infects iPhones running iOS 15.7 and earlier – Kaspersky appeared first on MacDailyNews.

original link


You may also be interested in this

Apple Releases iOS 16.6 a…

Apple today released iOS 16.6 and iPadOS 16.6, the sixth point updates to the iOS 16 and iPadOS 16 operating systems that first came out last September. The launch of

Three new games come to A…

Three new games join Apple Arcade in August, including Temple Run: Legends and Vampire Survivors+.

Apple Music Classical lan…

Macworld Having finally launched the long-awaited Apple Music Classical app for iOS two months ago, Apple was expected to quickly launch an optimized version of the app for iPad and

A new web standard will a…

The World Wide Web Consortium is working to further secure online payments in browsers with a new technology that works alongside other payment services like Apple Pay, Google Pay, and

5 Best Black Friday MacBo…

Black Friday deals on the MacBook Pro and MacBook Air are plentiful this year, with the best deals found at Best Buy for My Best Buy Plus and My Best

iOS 18: Using the New …

In iOS 18, Apple Maps has gained a new "Search here" button that makes it much easier to find what you're looking for in areas that aren't your current location

iOS 17 feature roundup: S…

The WWDC keynote was jam-packed with news and didn't even include everything coming to iOS 17. Here are all of the features we've found so far.iOS 17 has a lot

Deals: Amazon Takes $70 O…

Today on Amazon you can get three models of the 41mm GPS Apple Watch Series 8 for the all-time low price of $329.00, down from $399.00. Colors on sale include
X

A whimsical homage to the days in black and white, celebrating the magic of Mac OS. Dress up your blog with retro, chunky-grade pixellated graphics to evoke some serious computer nostalgia. Supports a custom menu, custom header image, custom background, two footer widget areas, and a full-width page template. I updated Stuart Brown's 2011 masterpiece to meet the needs of the times, made it responsive , got dark mode, custom search widget and more.You can download it from tigaman.com, where you can also find more useful code snippets and plugins to get even more out of wordpress.