“Triangulation Trojan” Launches Sophisticated Attack on Apple Devices

Specialized for Apple’s Mobile Devices

Security experts have uncovered an advanced, targeted cyberattack that leverages Apple’s mobile devices. The attack, named “Triangulation,” is aimed at planting covert spyware into the iPhones of employees of certain companies, including middle and top management personnel.

The cyberattack employs an invisible iMessage carrying a malicious attachment. Utilizing multiple vulnerabilities within the iOS operating system, the attachment is executed on the device, stealthily installing the spyware. This occurs without the need for user action. Once in place, the spyware discreetly relays sensitive data back to remote servers, including microphone recordings, instant messenger photos, geolocation, and other user activity data.

The proprietary nature of iOS makes the detection and removal of this spyware particularly challenging, requiring the use of external tools. A vital sign of the Triangulation presence is disabling iOS updates on the infected device. Additionally, a device backup should be made and checked using a unique utility for a more definitive infection confirmation. Kaspersky is also in the process of developing a free detection tool.

Unfortunately, due to the specific way the spyware blocks iOS updates, there is currently no effective method to remove the Triangulation without losing user data. The only recourse is to reset the infected iPhones to factory settings and install the latest version of the operating system and the entire user environment anew. This is crucial as the spyware can re-infect through vulnerabilities present in an outdated iOS version.

The attack’s sophisticated nature is such that it remained largely undetected until anomalies within the network originating from Apple devices were picked up by Kaspersky’s Unified Monitoring and Analysis Platform (KUMA), a native Security Information and Event Management (SIEM) solution. Subsequent investigations revealed that several dozen iPhones belonging to senior employees were infected with the spyware.

Kaspersky is still investigating this incident, with more information to be shared in a dedicated post on Securelist. They anticipate further details on the global proliferation of this spyware will emerge in the coming days. Despite being targeted in this attack, Kaspersky stresses they were not the primary objective and assures their business processes and user data remain unaffected.

C2 Domains For Triangulation Trojan Attack

The source is SecurceList.

addatamarket[.]net

backuprabbit[.]com

businessvideonews[.]com

cloudsponcer[.]com

datamarketplace[.]net

mobilegamerstats[.]com

snoweeanalytics[.]com

tagclick-cdn[.]com

topographyupdates[.]com

unlimitedteacup[.]com

virtuallaughing[.]com

web-trackers[.]com

growthtransport[.]com

anstv[.]net

ans7tv[.]net

It Is Not First Spyware For iMessage: Pegasus Spyware

Citizen Lab digital security researchers have detected a new zero-click iMessage vulnerability, which is used to install Pegasus spyware on the iPhone devices of Catalan politicians, journalists, and activists.

Pegasus is developed by the Israeli firm NSO and marketed to governments as licensed software for investigating terrorist activities. With Pegasus spyware, attacks were carried out on high-level authorities of many states such as the United Kingdom and Finland.

Between 2017 and 2020, it was observed that Pegasus targeted at least 65 people by exploiting the Kismet iMessage vulnerability and a vulnerability in Whatsapp. Many people are among the recently observed campaign targets, such as Catalan members of the European Parliament, heads of state, judges, lawyers, and journalists… [Read More]

How Can Brandefense Help You?

Our innovative service offers a range of benefits that can help you stay ahead of cybercriminals and protect your brand reputation. With early detection of cyber threats, you’ll have more time to respond and prevent potential data breaches or other attacks. Our dark web monitoring can enhance your overall security posture and protect your sensitive data and assets.