iMessage danger: Kaspersky discovers zero-click spyware infecting iPhones and iPads

Kaspersky researchers discovered a new malware campaign called “Operation Triangulation“. It uses a spyware that aims to spy and steal data from devices with iOS through iMessage using an attack of the type zero click.

Explaining better, spyware with type penetration zero click are those that do not require a user action to infect the device. This means that it is enough to receive the message with the spyware for it to take action and steal data from the device, making the situation even more worrying.

According to Kaspersky, the attack campaign was discovered while its experts monitored corporate WiFi network traffic with the Kaspersky Unified Monitoring and Analysis Platform (KUMA) and noticed that dozens of cell phones belonging to the company’s employees running iOS were targets for spyware..

When the spyware infected the device, it quickly used a security hole to gain administrator access to the device and gain complete control over it. When the invasion was completed the exploit and the infected message were automatically deleted so that the owner of the smartphone or tablet would not suspect anything.

Igor Kuznetsov, head of the EEMEA unit of Kaspersky’s Global Research and Analysis Team (GReAT), commented on the hacking spyware campaign saying:

When it comes to cybersecurity, even the most secure operating systems can be compromised. As APTs (Advanced Persistent Threats) are constantly evolving their tactics and looking for new weaknesses to exploit, companies must prioritize the security of their systems. This involves prioritizing employee education and awareness and providing them with the latest threat information and tools to effectively recognize and defend against potential threats.

When the spyware gained full control over the device it used administrative privileges to obtain the following information:

• Photos from messaging apps;
• Geolocation;
• Recordings from the device’s microphone;
• Other sensitive data of the device owner.

According to Kaspersky, the spyware targets every device running iOS or iPadOS, but so far the highest recorded infection rate has been on devices running iOS 15.7 and earlier.

In this way, we recommend that you keep the software of all your devices updated to avoid intrusions, in addition to avoiding clicking on links or opening messages from unknown senders.

In addition, Kaspersky confirmed that the attack did not cause any data leaks from its customers or from the company itself, which makes it believe that the attack was not directed at it.

Our investigation into “Operation Triangulation” continues. We hope more details about this will be shared soon, as there may be targets for this spying operation outside of Kaspersky.

Finally, Kaspersky also recommends that companies use reliable security solutions, keep all their devices up to date, improve their security team with adequate training to avoid attacks such as “Operation Triangulation”.

If you suspect that your smartphone or tablet has been infected, access Kaspersky’s SecureList portal via the link below and follow the instructions to scan your device.

Speaking of malware, a new threat is also targeting devices running macOS. See how to protect yourself here.