Prominent cybersecurity and anti-virus firm Kaspersky has discovered a new cyberattack threat that targets iPhone models running older versions of iOS via iMessage application. The malware, found when the company was monitoring its own Wi-Fi network for mobile devices, infects the phone via a received iMessage, which contains a malicious attachment. The threat doesn’t require the iPhone user to do anything and utilises iOS vulnerability to install a spyware that takes complete control of device and user data.
According to a report about their findings published by Kaspersky, the malicious attachment sent via iMessage executes a code without the need for any action from the user. The malicious code then runs a set of commands for collection of private user data.
Kaspersky CEO Eugene Kaspersky tweeted about the iOS cyberattack, detailing that the spyware extracts private information like microphone recordings, photos from instant messengers, geolocation, and other data and transmits it to remote servers. The firm has dubbed the cyberattack threat as “Operation Triangulation.”
We’ve discovered a new cyberattack against iOS called Triangulation.
The attack starts with iMessage with a malicious attachment, which, using a number of vulnerabilities in iOS installs spyware. No user action is required.#IOSTriangulation pic.twitter.com/daxEYZwXwD
— Eugene Kaspersky (@e_kaspersky) June 1, 2023
Kaspersky said that the malware was found on the iPhones of dozens of employees and could target other iPhone users as well. He also added that the threat had been neutralised and details of the vulnerability have been sent to Apple. The CEO also noted that disabling the iMessage service would prevent vulnerable iOS devices from the attack.
The company said that after the malware is successfully installed on the device, the initial text and the accompanying exploit in the iMessage attachment are deleted. Kaspersky’s report said the attack was ongoing, and iOS 15.7 was the most recent version among the devices that were successfully targeted. iPhone models running iOS 16 appear to be safe from the threat, but Kaspersky did mention in the comments section of its report that they could not guarantee that other iOS versions were safe.
On Friday, Kaspersky also released tools for users to check if their device was infected.
Back in February, Apple released updates that fixed major vulnerabilities with iOS 16.3 and macOS 13.2 for supported iPhone, iPad and Mac models. At the time, Apple credited the researchers who found the flaws that allowed a remote user to bypass protections put in place by Apple and gain access to a user’s personal data as well as their camera, microphone, and call history.