“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware

Moscow-based security firm Kaspersky has been hit by an advanced cyberattack that used clickless exploits to infect the iPhones of several dozen employees. The phones were infected with malware that collects microphone recordings, photos, geolocation, and other data, company officials said.
“We are quite confident that Kaspersky was not the main target of this cyberattack,” Eugene Kaspersky, founder of the company, wrote in a post published on Thursday. “The coming days will bring more clarity and further details on the worldwide proliferation of the spyware.”
This clickless APT exploit will self destruct
The malware, which has been in use for at least four years, was delivered in iMessage texts that attached a malicious file that automatically exploited one or more vulnerabilities without requiring the receiver to take any action. With that, the devices were infected with what Kaspersky researchers described as a “fully-featured APT platform.” APT is short for advanced persistent threat and refers to threat actors with nearly unlimited resources who target individuals over long periods of time. APTs are almost always backed by nation-states.
Once the APT malware was installed, the initial text message that started the infection chain was deleted. In Thursday’s post, Eugene Kaspersky wrote:
The attack is carried out using an invisible iMessage with a malicious attachment, which, using a number of vulnerabilities in the iOS operating system, is executed on the device and installs spyware. The deployment of the spyware is completely hidden and requires no action from the user. Further, the spyware also quietly transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation and data about a number of other activities of the owner of the infected device.
The attack is carried out as discreetly as possible, however, the fact of infection was detected by Kaspersky Unified Monitoring and Analysis Platform (KUMA), a native SIEM solution for information and event management; the system detected an anomaly in our network coming from Apple devices. Further investigation from our…