Threat actors are targeting iPhones with zero-click spyware, multiphase polymorphic malware, and self-destructive malware, according to a warning from the National Telecommunication and Information Security Board (NTISB).
Threat actors are allegedly spying on iPhones using zero-click spyware, multiphase polymorphic malware, and self-destructive malware, according to a warning from the Board titled “Threat Actors Spying on iPhones Through Zero-Click Spyware”. The effort is seen as a component of Operation Triangulation, a sophisticated and ongoing mobile espionage and data exfiltration operation.
Operation Triangulation been ongoing since 2019, but it was just recently discovered, according to the advisory. Although Apple has refuted these claims, Russia has charged that the US and Apple helped to facilitate surveillance efforts.
Technical information and the method of operation for operation triangulation are as follows, according to the advisory: Via the iMessage platform, zero-click attacks are used to infect victims during the initial phase (a).Because it is a zero-day vulnerability, the message automatically initiates malware execution without requiring user interaction or knowledge. Additionally, the malware downloads payloads from a download server before exfiltrating victim data to remote servers.
In order to leave no trace (crafted evasion), the initial iMessage text and malware attachment are both immediately removed in the final stage. The most recent version, iOS 15.7, has been successfully targeted.
The Board has advised that (a) all iPhone users should upgrade to the newest versions (iOS 16.4.1 or higher). Keep iMessages disabled or blocked, don’t store work-related information on your phone, and have administrators block specific Remote C&C server domains and URLs at the firewall.
The Board reported in another warning titled “Critical Vulnerabilities in Apple Products” that Apple had published security patches for key vulnerabilities, including one zero day (CVE-2023-38606; Kernel State Modification Vulnerability). Threat actors using Operation Triangulation are taking advantage of CVE-2023-38606 in order to run malicious programmes with kernel privileges and access victim devices without their permission. Due to the above-mentioned vulnerability, patches and upgraded versions are now available for all Apple products (iPhone, iPad, iPod, macOS, tvOS, and watchOS).
The Board has suggested updating to the most recent versions of the following Apple products from the official Apple store: Versions of iOS, tvOS, and iPadOS are 16.6, 15.7, and 9.6, respectively. Versions of watchOS, on the other hand, are 16.6 and 9.6, respectively. e. iPod OS versions 16.6 and 15.8, f. macOS Ventura version 13.5, g. macOS Monterey version 12.6, and h. macOS Big Sur version 11.79.