
APT targeting iOS devices with zero-click iMessage exploit

A previously unknown advanced persistent threat (APT) has been discovered targeting iOS devices as part of a sophisticated, long-running mobile campaign. The campaign has been given the name Operation Triangulation, and it began in 2019. The threat is said to use zero-click exploits delivered via the iMessage platform to infect devices. Once a device is infected, the malware has root privileges and gains complete control over the device and any user data on it.

The APT was discovered by the Russian cybersecurity company Kaspersky, which found it after creating offline backups of targeted devices.

The attack chain begins with the iOS device receiving a message that has an attachment. The attachment contains the exploit, which is activated without any user interaction. The exploit is said to be zero-click, meaning that the vulnerability is triggered as soon as the message is received. Once the device is infected, the malware retrieves additional payloads for privilege escalation and then drops a final-stage malware from a remote server.

Kaspersky describes this final-stage malware as a "fully-featured APT platform". The implant runs with root privileges and is capable of harvesting sensitive information. It can also run code downloaded as plugin modules from the server. In the final phase of the attack, both the initial message and the exploit in the attachment are deleted to erase any traces of the infection.

This is a serious threat, and it's important to be aware of the dangers that come with using iMessage. Be sure to back up your device regularly and be cautious of any messages that you receive, even if they seem to be from a trusted source.

