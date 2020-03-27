


#COVID19 News Links Hijacked With iOS Spyware

Apple iOS users in Hong Kong have been targeted by a large-scale spyware operation using news links posted in popular online forums to snare victims, according to Trend Micro.

In what the vendor is calling Operation Poisoned News, links in four different forums frequented by Hong Kong residents were found to use a hidden iframe to execute malicious code, exploiting flaws in iOS 12.1 and 12.2.

“The articles were posted by newly registered accounts on the forums in question, which leads us to believe that these posts were not made by users resharing links that they thought were legitimate,” said Trend Micro.

“The topics used as lures were either sex-related, clickbait-type headlines or news related to the COVID-19 disease.”

Alternatively, hackers copied a legitimate website and injected it with a malicious iframe.

The distribution of links to these malicious sites started on January 2, Trend Micro said.

The exploit chain includes a Safari bug which has no CVE, and a customized kernel exploit related to CVE-2019-8605. The final spyware payload, lightSpy, is designed to take full control of a victim’s device, exfiltrating GPS data, SMS messages, browsing history, contacts and content from messaging apps Telegram, QQ and WeChat.

A similar campaign was uncovered targeting Android devices in 2019, using spyware dubbed dmsSpy. It’s believed the two are linked.

“The design and functionality of operation suggests that the campaign isn’t meant to target victims, but aims to compromise as many mobile devices as possible for device backdooring and surveillance,” said Trend Micro.

The vendor refused to be drawn on the potential source of the attack. However, given the current political climate and widespread criticism of the Chinese Communist Party’s handling of the COVID-19 pandemic, Beijing-backed spies would be a natural choice.
