Malicious actors are always looking for new ways to exploit existing vulnerabilities in both the Android and iOS ecosystems to gain access to users’ devices and their personal information. Now, in another such incident, security researchers have detected new malware that requires no action on the part of users to infect the targeted device.
Researchers at Kaspersky have detected previously unknown malware that is targeting Apple iOS devices. This malware can compromise devices via the iMessage service with an attachment, without any user interaction. Simply put, all the hackers need to do is send an iMessage containing an infected attachment, which downloads and installs the spyware, dubbed Triangulation, on the user’s device.
Once the spyware has been successfully installed on a device, it quietly transmits the user’s private information to remote servers. This information can include microphone recordings, photos from instant messengers, geolocation, and data about a number of other activities of the owner of the infected device. What’s worrisome about this spyware is that it requires no action on the part of the user.
“The attack is carried out using an invisible iMessage with a malicious attachment, which, using a number of vulnerabilities in the iOS operating system, is executed on a device and installs spyware. The deployment of the spyware is completely hidden and requires no action from the user,” Kaspersky wrote in its blog post detailing the findings of its investigation.
Furthermore, researchers said that the main reason for this incident is the proprietary nature of iOS, wherein the operating system is a “black box”, in which spyware like Triangulation can hide for years without getting detected at all.
Researchers at Kaspersky said that there aren’t many effective ways for iPhone users to safeguard themselves. So far, the researchers have not found an effective way to remove the spyware without losing user data.
At the moment, the only way a user can completely remove the spyware from an infected iPhone is by resetting it to factory settings and installing the latest version of the operating system and the entire user environment from scratch. “Otherwise, even if the spyware is deleted from the device memory following a reboot, Triangulation is still able to re-infect through vulnerabilities in an outdated version of iOS,” the company wrote.
Important: Disabling iMessage would prevent iOS devices from Triangulation attack
— Eugene Kaspersky (@e_kaspersky) June 1, 2023
Additionally, Kaspersky CEO Eugene Kaspersky said in a thread on Twitter that the attack can be foiled by disabling iMessage. This essentially prevents the spyware from sending information to its servers. But it does not remove the spyware completely.
Author Name | Shweta Ganjoo