New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices
2023-06-21 13:30

More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation.

Russian cybersecurity company Kaspersky has codenamed the backdoor TriangleDB. "The implant is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability," Kaspersky researchers said in a new report published today.

Operation Triangulation entails the use of zero-click exploits via the iMessage platform, thereby allowing the spyware to gain complete control over the device and user data.

"The attack is carried out using an invisible iMessage with a malicious attachment, which, using a number of vulnerabilities in the iOS operating system, is executed on a device and installs spyware," Eugene Kaspersky, CEO of Kaspersky, previously said.

Another notable aspect is the presence of the routine "PopulateWithFieldsMacOSOnly." While this method is not called anywhere in the iOS implant, the naming convention raises the possibility that TriangleDB could also be weaponized to target macOS devices.

The Russian government has pointed fingers at the U.S., accusing it of breaking into "several thousand" Apple devices belonging to domestic subscribers and foreign diplomats as part of what it claimed to be a reconnaissance operation.


News URL

https://thehackernews.com/2023/06/new-report-exposes-operation.html