Spyware Delivered to iPhone Users in Hong Kong Via iOS Exploits

A recently observed campaign is attempting to infect the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to take over devices, Trend Micro reports.


The attack involved the use of malicious links posted on forums popular in Hong Kong, which led users to real news sites where a hidden iframe would load and run malware. Vulnerabilities affecting iOS 12.1 and 12.2 devices have been exploited to load a new piece of spyware called lightSpy.


With support for shell commands and file manipulation, the malware would allow the attackers to spy on users and take full control of the infected devices.


Modular in nature, lightSpy allows for the exfiltration of connected WiFi history, contacts, GPS location, hardware information, iOS keychain, phone call history, Safari and Chrome browser history, SMS messages, and local network IP addresses.


The malware was also found to specifically target messenger applications such as Telegram, QQ, and WeChat.


Trend Micro’s security researchers also discovered similar attacks that targeted Android users in 2019, distributing malicious APKs through public Hong Kong-related Telegram channels. Referred to as dmsSpy, the Android malware would exfiltrate device information, contacts, and SMS messages.


The iOS campaign, which Trend Micro named Operation Poisoned News, appears designed to compromise a large number of devices for backdooring and surveillance purposes.


On February 19, the security researchers discovered a watering hole attack targeting iOS users with URLs leading to a malicious website featuring three iframes pointing to different sites. One of the iframes is visible and leads to a legitimate news site, another is used for website analytics, and the third leads to a site hosting the main script of the iO ..
