iPhones users warned of ‘Threat Actors Spying’

16 Aug, 2023

ISLAMABAD: The National Telecommunication and Information Security Board (NTISB) has warned that threat actors are targeting iPhones with zero-click spyware, multiphase polymorphic, and self-destructive malware.

The board has issued an advisory, “Threat Actors Spying on iPhones Through Zero-Click Spyware”, while saying that reportedly, threat actors are targeting iPhones with zero-click spyware; multiphase polymorphic and self-destructive malware. The campaign is considered part of sophisticated and long-running mobile espionage and data ex-filtration activity termed, Operation Triangulation.

The advisory noted that operation triangulation has recently been unearthed, however, it was running since 2019. Russia has accused USA and Apple of facilitating spying activities, though Apple has denied such allegations. It may be inferred that the operation is to spy Russian officials’ iPhones.

The advisory noted that technical details and modus operandi of operation triangulation are as: (a) during initial phase, victims are infected using zero-click exploits via the iMessage platform. Malware runs with root privilege, gaining complete control of the victim’s devices and data, (b) attack begins with iOS devices receiving a message via iMessage containing malicious attachment, (c) as it is a zero-day, the message triggers malware execution automatically without any user interaction and notice, (d) the malware downloads payloads from download server and further exfiltrates victim’s data to under mentioned remote servers: (1) backuprabbit.com (2) businessvideonews.com (3) cloudsponcer.com (4) mobilegamerstats.com (5) snoweeanalytics.com (6) tagclick-cdn.com (7) topographyupdates.com (8) unlimitedteacup.com (9) virtuallaughing.com (10) web-trackers.com (11) growthtransport.com (12) Addatamarket.net (13) datamarketplace.net (14) anstv.net (15) ans7tv.net

In the final phase, both the initial iMessage text and malicious attachment are deleted automatically to erase traces (crafted evasion). The most recent version, which has been successfully targeted is iOS 15.7.

The Board has recommended that (a) all iPhone users are advised to update to latest versions (IOS 16.4.1 or above) (b) keep iMessages off/blocked (c) Avoid storing official data/correspondence in mobile phone, (d) Remote C&C servers domains/URLs at Para 3d (serial 1 to 15) be blocked at firewall by administrators.

In another advisory “Critical Vulnerabilities in Apple Products”, the Board has stated that Apple has released security updates for critical vulnerabilities including one zero day (CVE-2023-38606; Kernel State Modification Vulnerability). CVE-2023-38606 is being exploited by threat actors in connection to Operation Triangulation to execute malicious code with kernel privileges and gain unauthorized access of victim devices.

All Apple products (iPhone, iPad, iPod, macOS, tvOS and watchOS) are affected with above mentioned vulnerability and consequently, patches/updated versions are available.

The board has stated that above in view, all Apple devices users are advised to update to following latest versions from official Apple store: a. iOS - Version 16.6 and 15.7.8 b. tvOS - Version 16.6 c. iPadOS - Version 16.6 and 15.7.8 d. watchOS - Version 9.6 e. iPodOS - Version 16.6 and 15.7.8 f. macOS Ventura - Version 13.5 g. macOS Monterey - Version 12.6.8 h. macOS Big Sur - Version 11.7.9.

Copyright Business Recorder, 2023

Read Comments