Cyber security researchers from Kaspersky have revealed more details about TriangleDBand malware that you take aim at one zero-day vulnerability recently discovered on iOS.
In a detailed technical report, the cybersecurity company said that the malware contains several moduli which allow it to act in different ways on the phone. In this regard we talk about:
- recording sounds through the built-in microphone;
- theft iCloud Keychain;
- theft of database SQLite;
- locating the location of the device via GSM.
In fact, a huge danger for anyone who owns an iPhone. Whoever created the malware went to great lengths to ensure that it remained undetected.
The microphone module, for example, stops working when the victim turns on the screen or when the drums falls below 10%. The malware also performs some checks before launching, all to ensure that it is not installed in a research environment.
TriangleDB exploits two zero-day vulnerabilities on iOS, proving to be even more fearsome than expected
As for the identity of the cybercriminals behind TriangleDB, so far everything is shrouded in thick mystery. At the moment, Kaspersky simply defines malware in a generic way, i.e. as a “Full-featured advanced persistent threat (APT).“. APTs are often associated with state-level or government-sponsored threat actors.
To distribute the malware, hackers exploited two distinct zero-day vulnerabilities on iOS, known as CVE-2023-32434 e CVE-2023-32435. By sending a specially crafted message through the platform iMessageattackers can gain full control of both the endpoint and user data, without the need for any interaction by the victim.
One thing is for sure: the cybercriminals behind TrianleDB are not clueless. The researchers, in fact, confirmed how “The attackers also demonstrated great knowledge of the iOS structure, as they used undocumented private APIs during the attack“.