Friday, 02 June 2023 14:46

New APT Group targeting iOS Users with Zero-Click Malware, US gets the Blame

Written by

Reading time is around minutes.

There is a new bit of malware targeting iOS users via iMessage from what appears to be a new APT (Advanced Persistent Threat) group. The campaign appears to have been in play since some time in 2019. The malware, according to researchers, leverages iMessage to send the targeted user an attachment that then runs with Root Privileges on the device. The result is a complete takeover of the device in question.

According to Kaspersky (the company that identified the exploit), the message with the attachment does not even have to be clicked on to infect the device. This is due to how iMessage parses the attachment and information around it. Once the attachment is on the device and message is parsed, it can achieve code execution on the device (again with root privileges). From there it can download other tools to dig further into the OS and establish communication with its command-and-control server which Kaspersky says is “fully featured”.

The malware can grab sensitive information on the device including photos, recordings messages, geolocation and more from the infected device. Once the infection is complete the message and attachment are removed to avoid detection. The good news is that, as of right now the malware cannot maintain persistence on the targeted iOS device, but there does seem to be indications that devices can become reinfected after a reboot.

As of right now the Russian Government is blaming the US and Apple for this particular attack. The FSB (Federal Security Service and was once the KGB) says that they believe the US National Security Administration in close cooperation with Apple to target Russian citizens and diplomats. Apple, as expected, has stated they have never and will never cooperate with any government to insert spy/malware in any Apple device. This statement is likely very true, but it does not get around the fact that agencies like the NSA, FBI, and CIA have leveraged their power to ensure that some openings are available into different platforms. These same agencies also pay contractors to identify vulnerabilities that can be exploited in the deployment of spying tools. All while having access to courts that can secretly grant them access to user data stored by large tech companies.

We have no idea if the US is behind these attacks. The attack looks to be real, based on the report from Kaspersky, but the timing of the attack and the statement from the Russian FSB are a bit suspect. Laying blame on Apple and the US could just be a politically expedient statement designed to put the US in a bad light. On the other hand, we do know that the US has, through contractors and direct action, performed such attacks in the past. One of the most notable, Stuxnet, comes to mind.

It is likely that we will never know the real story here. Attribution is one of those things that can be tricky. At times there is good evidence to make a claim against one group or another, at others it seems like a giant leap of logic. Either way, this attack vector is something to be concerned about, iOS users should be cautions and Apple should investigate the claim as real until they can either patch the vulnerability in use or rule it out as possible.

Read 605 times Last modified on Friday, 02 June 2023 14:48

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.