Ongoing zero-click iMessage spyware attack on iPhones discovered.
On Thursday, cybersecurity provider Kaspersky published a report describing a recent spyware attack targeting iOS devices. After detecting unusual activity on numerous iPhones, Kaspersky took offline backups of the devices and examined them with the Mobile Verification Toolkit (MVT) for iOS. The MVT output revealed indicators of compromise on the affected iPhones.
According to Kaspersky, iPhones are compromised by this spyware without any user action. The attack begins when the target receives an invisible iMessage carrying a malicious attachment. The attachment contains an exploit for a vulnerability that leads to code execution, regardless of whether the user ever interacts with the message.
The code then retrieves additional stages from a command-and-control (C&C) server, including further iOS exploits used to escalate privileges. Once the iPhone is fully exploited, a final payload is downloaded: a fully functional advanced persistent threat (APT) platform. The initial message and its attachment are then deleted, so the user never notices the chain of events that unfolded in the background.
CEO Eugene Kaspersky noted in his blog that, because the spyware blocks iOS updates on compromised devices, no method has yet been found to remove it without losing data. The only remedy is to reset an infected iPhone to factory settings, install the latest iOS version, and rebuild the user environment from scratch. Otherwise, even if a reboot clears the spyware from device memory, Triangulation (Kaspersky's name for the campaign) can reinfect the device through vulnerabilities in the outdated iOS version.
According to Kaspersky, indications of infection trace back to 2019, and the spyware continues to compromise iPhones to this day. Fortunately, the attack has so far been observed only on iPhones running iOS 15.7 or earlier. iOS 15.7 was released in September 2022, and Apple's developer portal indicates that more than 80% of iPhones are already running at least iOS 16.
Eugene Kaspersky asserts that his company "was not the primary target of this cyberattack." Why Kaspersky devices were hit so notably, the true scale of the spyware campaign, and the risk to the typical iPhone user all remain unclear. Nevertheless, the incident underlines the importance of keeping your iPhone's operating system up to date as an additional precaution.