New version of LightSpy spyware targets iPhones with enhanced surveillance tactics

By Admin | October 31, 2024


October 31, 2024Ravi LakshmananSpy software / Mobile security


Cybersecurity researchers have discovered an improved version of the Apple iOS spyware LightSpy that not only extends its functionality but also adds destructive capabilities to prevent a jailbroken device from booting.

“While the way iOS implants are delivered is very similar to the macOS version, the post-exploitation and privilege escalation steps are significantly different due to platform differences,” ThreatFabric said in an analysis published this week.

LightSpy, first documented in 2020 as targeting users in Hong Kong, is a modular implant that uses a plugin-based architecture to extend its capabilities and capture a wide range of sensitive information from an infected device.


The attack chains that distribute the malware use known security flaws in Apple iOS and macOS to trigger a WebKit exploit that drops a file with a “.PNG” extension. The file is actually a Mach-O binary responsible for retrieving next-stage payloads from a remote server by abusing a memory flaw tracked as CVE-2020-3837.
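A triage check for the masquerading described above (a Mach-O binary carrying a “.PNG” extension), added here as an example; it is not code from the article or from ThreatFabric's analysis. It goes slightly beyond the case in the text by also covering other image extensions and universal binaries, and the sample files and their names are constructed.

```python
import struct
from pathlib import Path
from typing import Optional

# Leading bytes expected for common image extensions.
IMAGE_SIGS = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
              ".jpeg": b"\xff\xd8\xff", ".gif": b"GIF8"}
# Mach-O magic as it appears on disk -> (description, struct byte order).
MACHO_MAGIC = {b"\xfe\xed\xfa\xce": ("32-bit", ">"), b"\xce\xfa\xed\xfe": ("32-bit", "<"),
               b"\xfe\xed\xfa\xcf": ("64-bit", ">"), b"\xcf\xfa\xed\xfe": ("64-bit", "<")}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # shared with Java .class files
CPU = {7: "x86", 0x01000007: "x86_64", 12: "arm", 0x0100000C: "arm64"}
FILETYPE = {1: "object", 2: "executable", 6: "dylib", 8: "bundle"}

def parse_macho(data: bytes) -> Optional[dict]:
    """Return header details if data begins with a Mach-O header, else None."""
    if len(data) < 16:
        return None
    magic = data[:4]
    if magic == FAT_MAGIC:
        (count,) = struct.unpack(">I", data[4:8])
        # A Java class stores its version here (always >= 45); fat binaries hold few slices.
        return {"kind": "universal", "slices": count} if 0 < count < 20 else None
    if magic not in MACHO_MAGIC:
        return None
    bits, order = MACHO_MAGIC[magic]
    cputype, _subtype, filetype = struct.unpack(order + "3I", data[4:16])
    return {"kind": bits, "cpu": CPU.get(cputype, hex(cputype)),
            "filetype": FILETYPE.get(filetype, str(filetype))}

def check_file(name: str, data: bytes) -> Optional[dict]:
    """Flag a file whose image extension disagrees with its leading bytes."""
    ext = Path(name).suffix.lower()
    sig = IMAGE_SIGS.get(ext)
    if sig is None or data.startswith(sig):
        return None
    return {"file": name, "claimed": ext, "macho": parse_macho(data)}

# Constructed sample headers (not taken from any real LightSpy sample).
SAMPLES = {
    "banner.PNG": struct.pack("<8I", 0xFEEDFACF, 0x0100000C, 0, 2, 0, 0, 0, 0),
    "logo.png": IMAGE_SIGS[".png"] + b"\x00\x00\x00\rIHDR" + bytes(8),
    "Thumbs.png": FAT_MAGIC + struct.pack(">HH", 0, 52) + bytes(8),
}

def scan(files: dict) -> list:
    """Return one finding per file whose extension and content disagree."""
    return [hit for name, data in files.items() if (hit := check_file(name, data))]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(hit)
```

A finding with a non-empty `macho` field is the high-priority case: executable content under an image name. A mismatch with `macho` set to `None` still deserves a look but is not a Mach-O binary.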

This includes a component called FrameworkLoader, which in turn loads the LightSpy Core module and its various plugins, the number of which has increased significantly from 12 to 28 in the latest version (7.9.0).

“Upon launch, Core will perform an Internet connection check using the Baidu.com domain, and then check the arguments that were passed from FrameworkLoader as (command and control) data and the working directory,” the Dutch security company said.

“Using the working directory path /var/containers/Bundle/AppleAppLit/, Core will create subfolders for logs, database, and exfiltrated data.”

Plugins can capture a wide range of data, including Wi-Fi network information, screenshots, location, iCloud Keychain, audio recordings, photos, browser history, contacts, call history and SMS messages, and collect information from apps such as Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat and WhatsApp.


Some of the newly added plugins also have destructive features that can delete media files, SMS messages, Wi-Fi network configuration profiles, contacts and browser history, and even freeze the device and prevent it from restarting. In addition, LightSpy plugins can create fake push notifications that contain a specific URL.

The exact means by which the spyware is distributed is unclear, although it is believed to be orchestrated through watering hole attacks. To date, these campaigns have not been attributed to a known threat actor or group.


However, there is some evidence that the operators are likely based in China due to the fact that the location plugin “lists location coordinates according to a system used exclusively in China”. It should be noted that Chinese mapping service providers adhere to a coordinate system called GCJ-02.

“The LightSpy iOS incident highlights the importance of keeping systems up to date,” ThreatFabric said. “The threat actors behind LightSpy closely monitor security researchers’ publications, reusing newly disclosed exploits to deliver payloads and elevate privileges on affected devices.”
