
A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated, long-running mobile campaign dubbed Operation Triangulation, which started in 2019.
“Targets are infected using a zero-click exploit through the iMessage platform, where the malware runs with root privileges and takes full control of the device and user data,” Kaspersky said.
The Russian cybersecurity firm said it found indicators of compromise after creating offline backups of the targeted devices.
The attack chain begins with the iOS device receiving a message via iMessage with an attachment that contains the exploit.
The exploit is said to be zero-click, meaning that receipt of the message alone triggers the vulnerability and leads to code execution, with no user interaction required.
The exploit is also configured to retrieve additional payloads for privilege escalation and to drop the final-stage malware, which Kaspersky describes as a “full-featured APT platform,” from a remote server.
The implant runs with root privileges, can collect sensitive information, and has the ability to execute code downloaded as a plugin module from a server.

In the final stage, both the initial message and the exploit in the attachment are deleted, erasing all traces of infection.
“The malicious toolset does not support persistence. This is probably because of the [operating system],” Kaspersky said. “The timeline of multiple devices shows the potential for reinfection after a reboot.”
The exact size and scope of the campaign remain unknown, but the company said the attack is ongoing and has successfully infected devices running iOS 15.7, released September 12, 2022.
It is also unknown at this time if the attack is leveraging a zero-day vulnerability in iOS. Hacker News has reached out to Apple for further comment and will update the article when we hear back.