Experts reveal more info on this dangerous hacking tactic targeting your iPhone

TriangleDB is more dangerous than initially thought

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity researchers from Kaspersky have revealed more details on TriangleDB, a piece ofmalwarethat targeted a zero-day vulnerability recently discovered in the iOSoperating system.

In a detailed technical writeup, Kaspersky said the malware contains at least four different modules that allow it to record sounds using the device’s integrated microphone, extractiCloudkeychain, steal data from SQLite databases, and even triangulate the device’s location by means of GSM (not GPS).

When GPS data is not available, the module in charge of tracking the victim’s location will use mobile country code (MCC), mobile network code (MNC), and location area code (LAC) to determine the exact location of the device. Whoever built the malware has also gone to great lengths to make sure they’re not spotted. The microphone module, for example, stops working when the victim turns the screen on, or when the battery drops below 10%. The malware also runs a few checks before running, to make sure it’s not installed in a research environment.

Advanced persistent threats

When it comes to the identity of the attackers, so far it’s still a mystery. The campaign is dubbed Operation Triangulation, and while the identity is unknown, Kaspersky described the operators as a “fully-featured advanced persistent threat (APT)”.

APTs are often associated with state, or state-sponsored, threat actors tasked with government or corporate espionage and data theft.

To deploy the malware, the hackers leveraged zero-day vulnerabilities on iOS, tracked as CVE-2023-32434 and CVE-2023-32435. By sending a specially crafted message through the iMessage platform, the attackers could gain full control over both theendpointand user data, without needing any interaction from the victim.

“The adversary behind Triangulation took great care to avoid detection,” the researchers said. “The attackers also showed a great understanding of iOS internals, as they used private undocumented APIs in the course of the attack.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaTheHackerNews

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

Don’t wait until Black Friday, this year’s best Nintendo Switch bundles are on sale now