LightSpy is back: updated iOS spyware attacks Apple users' smartphones


Contacts, messages, passwords: nothing is hidden from this advanced malware.

A group of cybersecurity experts has discovered the resumption of a cyber espionage campaign targeting users in South Asia. The attacks deliver a new version of the LightSpy malware aimed at iOS users.

"The latest version of LightSpy, known as 'F_Warehouse', has a modular structure with advanced surveillance capabilities," the BlackBerry research division said.

According to experts, the malicious campaign may have been aimed mainly at India, given the numerous samples submitted to VirusTotal from within that country.

LightSpy is a sophisticated iOS backdoor first discovered in 2020. It is spread mainly through infected news sites. In October 2023, ThreatFabric experts identified a link between LightSpy and the Android malware DragonEgg, which is attributed to the Chinese group APT41.

The initial infection vector of the latest campaign is still not known for certain, but researchers suggest that it was again compromised news sites.

The fully deployed LightSpy malware allows attackers to collect contacts, SMS messages and location data from their victims' iPhones, and to record audio during VoIP calls. The latest version of the malware is also capable of stealing data from popular instant messengers, iCloud passwords and browser history.

The malware uses certificate pinning to keep its communication with the command-and-control server from being detected: because the implant accepts only the certificate it was built to trust, a TLS-inspecting proxy cannot transparently intercept the traffic. In addition, the code analysis suggests the involvement of Chinese-speaking developers, which indicates possible support for the Chinese Communist Party.

"The return of LightSpy to the F_Warehouse iteration indicates an escalation of mobile espionage threats," BlackBerry experts concluded. "The enhanced capabilities of this malware pose serious risks to users and organizations in South Asia."