Kaspersky releases utility to detect iOS spyware infections
2024-01-17 11:36

Kaspersky's researchers have developed a lightweight method to detect indicators of infection from sophisticated iOS spyware such as NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator through analyzing a log file created on iOS devices.

"The sysdiag dump analysis proves to be minimally intrusive and resource-light, relying on system-based artifacts to identify potential iPhone infections. Having received the infection indicator in this log and confirmed the infection using Mobile Verification Toolkit processing of other iOS artifacts, this log now becomes part of a holistic approach to investigating iOS malware infection," said Maher Yamout, Lead Security Researcher at Kaspersky's Global Research and Analysis Team.

"Since we confirmed the consistency of this behavior with the other Pegasus infections we analyzed, we believe it will serve as a reliable forensic artifact to support infection analysis."

In this log from Pegasus infections, Kaspersky experts observed a common infection path, specifically "/private/var/db/", mirroring paths seen in infections caused by other iOS malware like Reign and Predator.
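A minimal triage scan for the path indicator described above, as an added example that is not Kaspersky's utility or code from the article. The entry layout (`remaining client pid: N (path)`), the `SIGTERM: [epoch]` record marker, and every sample line are assumptions constructed for illustration.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Path prefix the article names as the common infection path.
SUSPICIOUS_PREFIX = "/private/var/db/"

# Assumed entry layout (not given in the article).
CLIENT_RE = re.compile(r"remaining client pid:\s*(\d+)\s*\((.+)\)\s*$")
# Assumed marker that closes one reboot record and carries its epoch time.
REBOOT_RE = re.compile(r"^SIGTERM:\s*\[(\d+)\]")

class Hit(NamedTuple):
    line_no: int
    pid: int
    path: str
    reboot_epoch: Optional[int]  # None when the record is truncated

def scan(lines: Iterable[str]) -> List[Hit]:
    """Return processes under SUSPICIOUS_PREFIX, tagged with their reboot time."""
    hits: List[Hit] = []
    pending = []  # (line_no, pid, path) waiting for the record's marker
    for line_no, line in enumerate(lines, 1):
        client = CLIENT_RE.search(line)
        if client:
            path = client.group(2)
            # The trailing slash keeps look-alike directories from matching.
            if path.startswith(SUSPICIOUS_PREFIX):
                pending.append((line_no, int(client.group(1)), path))
            continue
        reboot = REBOOT_RE.match(line.strip())
        if reboot:
            hits += [Hit(*p, int(reboot.group(1))) for p in pending]
            pending.clear()
    # Entries from a truncated record still count; the reboot time is unknown.
    hits += [Hit(*p, None) for p in pending]
    return hits

# Constructed sample input, not taken from a real device.
SAMPLE = """\
After 1.26s, these clients are still here:
\tremaining client pid: 74 (/usr/libexec/nfcd)
\tremaining client pid: 312 (/private/var/db/example_dir/example_proc)
SIGTERM: [1700000000] All buses and pids are now empty
After 1.10s, these clients are still here:
\tremaining client pid: 90 (/private/var/db_backup/tool)
SIGTERM: [1700090000] All buses and pids are now empty
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE.splitlines()):
        print(hit)
```

A hit is an indicator for follow-up, which the article describes as confirmation through Mobile Verification Toolkit processing of other iOS artifacts.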

To ease the search for spyware infections, Kaspersky experts developed a self-check utility for users.

Keep device updated: Install the latest iOS patches promptly, as many iOS exploit kits target already patched vulnerabilities.


News URL

https://www.helpnetsecurity.com/2024/01/17/detect-ios-spyware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kaspersky 27 9 40 5 4 58