Apple squashes kernel bug used by TriangleDB spyware
2023-06-21 20:26

Whoever is infecting people's iPhones with the TriangleDB spyware may be targeting macOS computers with similar malware, according to Kaspersky researchers.

In the security shop's ongoing analysis of the smartphone snooping campaign - during which attackers exploit a kernel vulnerability to obtain root privileges and install TriangleDB on victims' handsets - Kaspersky analysts uncovered 24 commands provided by the malware that can be used for a range of illicit activities, from stealing data and tracking the victim's geolocation to terminating processes.

TriangleDB is the mystery spyware that Kaspersky found running on its own management's devices.

Apple pushed software updates to fix the kernel vulnerability uncovered by the Kaspersky researchers during their TriangleDB analysis.

At the time, a Kaspersky spokesperson told The Register it was aware of the FSB's claims, but couldn't say if the two things - America allegedly backdooring iPhones, and the spyware found on several Kaspersky devices - were linked.

The implant sends heartbeat pings to the C2 server with system information, and the server responds to these messages with commands, all of which have names starting with CRX. Kaspersky's researchers analyzed two dozen of these commands, and said they can be used to make the spyware interact with processes and the filesystem to create and remove files.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/21/apple_patches_triangledb_spyware/