Kaspersky Finds Cybersecurity Threat That Targets iPhone Users via Malicious iMessage Attachment

The spyware extracts private information like microphone recordings, photos from instant messengers, geolocation, and other data.

Kaspersky Finds Cybersecurity Threat That Targets iPhone Users via Malicious iMessage Attachment

Photo Credit: Unsplash/ William Hook

Disabling the iMessage service would prevent iOS devices from the attack

Highlights
  • The malware installs on iPhones via a malicious iMessage attachment
  • Kaspersky calls the cyberattack “Operation Triangulation”
  • Threat doesn’t require the iPhone user to do anything
Advertisement

Prominent cybersecurity and anti-virus firm Kaspersky has discovered a new cyberattack threat that targets iPhone models running older versions of iOS via iMessage application. The malware, found when the company was monitoring its own Wi-Fi network for mobile devices, infects the phone via a received iMessage, which contains a malicious attachment. The threat doesn't require the iPhone user to do anything and utilises iOS vulnerability to install a spyware that takes complete control of device and user data.

According to a report about their findings published by Kaspersky, the malicious attachment sent via iMessage executes a code without the need for any action from the user. The malicious code then runs a set of commands for collection of private user data.

Kaspersky CEO Eugene Kaspersky tweeted about the iOS cyberattack, detailing that the spyware extracts private information like microphone recordings, photos from instant messengers, geolocation, and other data and transmits it to remote servers. The firm has dubbed the cyberattack threat as “Operation Triangulation.”

Kaspersky said that the malware was found on the iPhones of dozens of employees and could target other iPhone users as well. He also added that the threat had been neutralised and details of the vulnerability have been sent to Apple. The CEO also noted that disabling the iMessage service would prevent vulnerable iOS devices from the attack.

The company said that after the malware is successfully installed on the device, the initial text and the accompanying exploit in the iMessage attachment are deleted. Kaspersky's report said the attack was ongoing, and iOS 15.7 was the most recent version among the devices that were successfully targeted. iPhone models running iOS 16 appear to be safe from the threat, but Kaspersky did mention in the comments section of its report that they could not guarantee that other iOS versions were safe.

On Friday, Kaspersky also released tools for users to check if their device was infected.

Back in February, Apple released updates that fixed major vulnerabilities with iOS 16.3 and macOS 13.2 for supported iPhone, iPad and Mac models. At the time, Apple credited the researchers who found the flaws that allowed a remote user to bypass protections put in place by Apple and gain access to a user's personal data as well as their camera, microphone, and call history.


Apple's annual developer conference is just around the corner. From the company's first mixed reality headset to new software updates, we discuss all the things we're looking forward to seeing at WWDC 2023 on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Manas Mitul
In his time as a journalist, Manas Mitul has written on a wide spectrum of beats including politics, culture and sports. He enjoys reading, walking around in museums and rewatching films. Talk to Manas about football and tennis, but maybe don’t bring up his video game backlog. More
Xiaomi 13 Ultra Global Launch Date Confirmed; Will Arrive on June 7
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »