Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Share post:

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through the iMessage platform.

Kaspersky found suspicious activities on iOS devices but couldn’t examine them directly. They used offline backups to analyze the devices with mvt-ios. They discovered that the attack happens when an iPhone gets an iMessage with an attachment containing an exploit.

This exploit is designed to trigger a system vulnerability without needing user interaction, enabling the execution of harmful code. If successful, the exploit fetches more exploits from a Command and Control server to gain higher privileges on the compromised device.

Following the exploitation, the attacker obtains complete control of the device and user data by downloading an APT platform from the Command and Control server. The assault deletes the initial message and exploit attachment to stay undetected.

Since the malicious toolkit utilized is not persistent, its efficacy may be restricted by iOS limitations. However, reinfection is possible if the device is restarted and targeted again.

Kaspersky warns that the campaign has already impacted devices running iOS versions up to 15.7 as of June 2023. However, it remains uncertain whether the attackers are exploiting a recently discovered zero-day vulnerability in older iOS versions.

The sources for this piece include an article in AppleInsider.


Related articles

Security research team claims to have helped avert a major supply chain attack

JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious...

Phishing attacks on state and local governments surge by 360%

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according...

What is Ticketmaster saying to its customers?

Here's the letter that has been sent out out to Ticketmaster clients that a reader sent to me....

Cyber Security Today, July 8, 2024 – New ransomware group discovered, and summer podcast break starts

A new ransomware group is discovered. Welcome to Cyber Security Today. It's Monday July 8th, 2024. I'm Howard Solomon,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways