The operation uses “Local News Websites” to spread spyware infection.
Cybersecurity firms Kaspersky and Trend Micro have uncovered a malicious new campaign involving the installation of the “feature-rich implant” LightSpy malware using links on local news sites. The campaign has been named Operation Poisoned News and it is targeting iPhone users mainly in Hong Kong for now.
It is a watering-hole campaign in which cybercriminals are exploiting iOS 12.1 and 12.2 vulnerabilities for installing spyware to collect sensitive private data/information as well as to gain control of the device remotely.
This campaign was identified on 10 January 2020 in which victims are trapped into clicking on malicious links, which although take users to the actual website but its links are infected with LightSpy and posted by scammers on different forums of local news stories to hunt for victims.
List of news topics posted by the campaign and forum post with the link to a malicious site:
Image: Trend Micro
Our research also uncovered a similar campaign aimed at Android devices in 2019. Links to malicious .APK files were found on various public Hong Kong-related Telegram channels. These messages claimed they were for various legitimate apps, but they led to malicious apps that could exfiltrate device information, contacts, and SMS messages, wrote Trend Micro in its blog post.
These links contain a hidden iframe that loads the malicious code to install the malware. LightSpy, on the other hand, is a modular backdoor that lets the attacker execute shell command r ..
Support the originator by clicking the read the rest link below.
