June 2, 2023

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through the iMessage platform.

Kaspersky found suspicious activities on iOS devices but couldn’t examine them directly. They used offline backups to analyze the devices with mvt-ios. They discovered that the attack happens when an iPhone gets an iMessage with an attachment containing an exploit.

This exploit is designed to trigger a system vulnerability without needing user interaction, enabling the execution of harmful code. If successful, the exploit fetches more exploits from a Command and Control server to gain higher privileges on the compromised device.

Following the exploitation, the attacker obtains complete control of the device and user data by downloading an APT platform from the Command and Control server. The assault deletes the initial message and exploit attachment to stay undetected.

Since the malicious toolkit utilized is not persistent, its efficacy may be restricted by iOS limitations. However, reinfection is possible if the device is restarted and targeted again.

Kaspersky warns that the campaign has already impacted devices running iOS versions up to 15.7 as of June 2023. However, it remains uncertain whether the attackers are exploiting a recently discovered zero-day vulnerability in older iOS versions.

The sources for this piece include an article in AppleInsider.