Operation Triangulation: Zero-Click iPhone Malware
Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases.
The timestamps of the files, folders and database records make it possible to roughly reconstruct the events that happened on the device.
The target iOS device receives a message via the iMessage service, with an attachment containing an exploit.
The code within the exploit downloads several subsequent stages from the C&C server, which include additional exploits for privilege escalation.
The initial message and the exploit in the attachment are deleted.
The malicious toolset does not support persistence, most likely due to the limitations of the OS. The timelines of multiple devices indicate that they may be reinfected after rebooting.
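The timeline reconstruction from backup timestamps described above can be sketched as follows. This is an added example, not code from the original report. It assumes an unencrypted (or already decrypted) iTunes/Finder-style backup whose Manifest.db has a Files table with domain, relativePath and file columns, where file is an NSKeyedArchiver binary plist carrying Birth, LastModified and LastStatusChange as epoch seconds; sample_db() and every path and timestamp in it are constructed.

```python
import plistlib
import sqlite3
from datetime import datetime, timezone

def file_times(blob):
    """Return {field: epoch} from one Files.file blob (assumed NSKeyedArchiver bplist)."""
    objects = plistlib.loads(blob)["$objects"]
    # The per-file record is the dict in $objects that carries the timestamp keys.
    meta = next((o for o in objects if isinstance(o, dict) and "LastModified" in o), {})
    return {k: meta[k] for k in ("Birth", "LastModified", "LastStatusChange") if meta.get(k)}

def build_timeline(conn):
    """Return sorted (utc_iso, event, domain, path) tuples for every backed-up file."""
    events = []
    rows = conn.execute("SELECT domain, relativePath, file FROM Files WHERE file IS NOT NULL")
    for domain, path, blob in rows:
        try:
            times = file_times(blob)
        except Exception:  # malformed blob: skip this row, keep the rest of the timeline
            continue
        for field, epoch in times.items():
            ts = datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()
            events.append((ts, field, domain, path))
    return sorted(events)  # fixed-width UTC ISO strings sort chronologically

def sample_db():
    """Constructed stand-in for a real Manifest.db (all values made up)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Files (fileID TEXT, domain TEXT, relativePath TEXT, "
                 "flags INTEGER, file BLOB)")
    def blob(birth, mod):
        rec = {"Birth": birth, "LastModified": mod, "LastStatusChange": mod}
        return plistlib.dumps({"$objects": ["$null", rec]}, fmt=plistlib.FMT_BINARY)
    conn.executemany("INSERT INTO Files VALUES (?,?,?,?,?)", [
        ("a1", "HomeDomain", "Library/SMS/sms.db", 1, blob(1600000000, 1685600000)),
        ("b2", "HomeDomain", "Library/Example/cache.db", 1, blob(1685600100, 1685600200)),
        ("c3", "HomeDomain", "Library/Broken", 1, b"not a plist"),
    ])
    return conn

if __name__ == "__main__":
    for event in build_timeline(sample_db()):
        print(*event, sep="  ")
```

Files created or changed in a tight cluster show up as adjacent rows, which is the kind of rough event sequence the backup timestamps allow; comparing clusters across devices is left to the analyst.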