Kaspersky Uncovers Highly Advanced iOS Spyware, TriangleDB, Targeting iPhones via iMessage and Wiping Evidence upon Reboot
Renowned cybersecurity firm Kaspersky has recently disclosed the inner workings of a sophisticated iOS spyware implant discovered during a targeted attack campaign.
Known as TriangleDB, this malicious software can surreptitiously gather an extensive array of sensitive data from compromised iPhones, including contact information, call logs, SMS messages, and precise location data, among others.
TriangleDB leverages a kernel vulnerability within iOS to infiltrate devices, and once installed it operates solely in the device’s memory. Because it never touches persistent storage, the implant is erased when the device reboots. However, the spyware automatically reinstalls itself after 30 days unless the attackers extend this timeframe.
In addition to its comprehensive data collection abilities, TriangleDB boasts several additional features, including the capacity to capture screenshots, record audio, and exert control over the device’s camera.
The Kaspersky research team assesses that TriangleDB is the work of a highly resourced threat actor. Consequently, they urge iOS users to remain vigilant for any suspicious messages that may indicate a potential compromise.
“While delving into this attack, we encountered a remarkably intricate iOS implant rife with numerous intriguing idiosyncrasies,” commented Georgy Kucherin, a security expert at Kaspersky’s Global Research and Analysis Team (GReAT). “As we continue our analysis of the campaign, we are committed to providing updated insights into this sophisticated assault. We call upon the cybersecurity community to unify, share knowledge, and collaborate to gain a more comprehensive understanding of the threats that abound.”
To obtain further information regarding the TriangleDB spyware, visit Securelist.com.
Kaspersky has also released a specialized utility, named ‘triangle_check,’ designed to automatically scan for any traces of this malware infection. For a detailed guide on how to check your device, refer to the accompanying blog post.
To avoid falling prey to a targeted attack by either known or unidentified threat actors, Kaspersky researchers recommend the following precautionary measures:
- Employ a reliable security solution for businesses, such as Kaspersky Unified Monitoring and Analysis Platform (KUMA).
- Promptly and consistently update Microsoft Windows OS and third-party software to the latest versions.
- Provide your SOC (Security Operations Center) team with access to the most up-to-date threat intelligence (TI). Kaspersky Threat Intelligence serves as a centralized resource for the company’s TI, delivering comprehensive cyberattack data and insights accumulated by Kaspersky over the past two decades.
- Enhance the skills of your cybersecurity personnel to effectively combat the latest targeted threats through Kaspersky’s online training programs, meticulously developed by their esteemed GReAT experts.
- Combat the initial stages of targeted attacks, which frequently involve phishing and social engineering techniques, by instituting security awareness training and equipping your team with practical skills. The Kaspersky Automated Security Awareness Platform serves as an ideal resource for such purposes.
By adhering to these proactive measures, organizations and individuals can significantly reduce their susceptibility to sophisticated cyber threats.