Sunday, June 16, 2024

NTISB Warns Threat Actors Are Targeting iPhone Users

The National Telecommunication and Information Security Board (NTISB) has raised concerns about the deliberate targeting of iPhones by malicious actors using zero-click spyware, multiphase polymorphic techniques, and self-destructive malware.

Threat actors are allegedly spying on iPhones using zero-click spyware, multiphase polymorphic malware, and self-destructive malware, according to a warning from the board titled “Threat Actors Spying on iPhones Through Zero-Click Spyware”. The effort is regarded as a component of Operation Triangulation, a complex and well-established mobile espionage and data exfiltration operation.

Operation Triangulation has only recently come to light, according to the alert, but it has been in existence since 2019. Russia has also accused the United States and Apple of supporting spying operations, although Apple has refuted these claims. The operation appears to be designed to spy on the iPhones of Russian government personnel.

The warning gave the technical specifications and methodology of Operation Triangulation as follows: (a) during the initial phase, victims are infected using iMessage-based zero-click attacks, and because the malware runs with root privileges, it has full control over the victim’s devices and data; (b) the attack starts when an iOS device receives an iMessage with a malicious attachment; (c) because the malware is a zero-day, the message automatically starts the malware’s execution without the user’s knowledge or consent; and (d) the malware downloads payloads from a download server before exfiltrating the victim’s data to the following remote servers: First,, second third, (4) (5) Snowee Analytics (6) Tagclick-cdn Seventh, Eight (8) (9)., 10. (11) (12) (13) (14) Anstv, (15)

The initial iMessage text and the harmful attachment are both automatically removed in the last stage to remove all traces (crafted evasion). iOS 15.7 is the most recent version that has been successfully targeted.

The Board has advised that (a) everyone who has an iPhone should update to the most recent version (iOS 16.4.1 or higher) and avoid keeping official data or correspondence on the phone; (b) iMessage should be kept off or blocked; and (c) the remote C&C server domains and URLs listed at Paragraph 3d (serial 1 to 15) should be blocked at the firewall.

The Board has indicated in a different warning titled “Critical Vulnerabilities in Apple Products” that Apple has published security patches for major vulnerabilities, including one zero-day (CVE-2023-38606; Kernel State Modification Vulnerability). Threat actors are using Operation Triangulation to exploit CVE-2023-38606 in order to execute malicious code with kernel privileges and get access to target devices.

Patches and updated versions are now available for all Apple products (including the iPhone, iPad, iPod, macOS, tvOS, and watchOS), all of which are impacted by the aforementioned vulnerability.

With the aforementioned in mind, the Board has urged all users of Apple products to update to the newest versions from the official Apple store. The following operating system versions are available: a. iOS (16.6) and 15.7.8; b. tvOS (16.6); c. iPadOS (16.6) and 15.7.8; d. watchOS (9.6); e. iPodOS (16.6) and 15.8; f. macOS Ventura (13.5); g. macOS Monterey (12.6); and h. macOS Big Sur (11.79).

