Malware News LightSpy: Implant for iOS

Gandalf_The_Grey

In May 2024, ThreatFabric published a report about LightSpy for macOS. During that investigation, we discovered that the threat actor was using the same server for both macOS and iOS campaigns.

Thanks to this, we were also able to obtain the most recent samples of LightSpy for iOS. After a brief analysis of the obtained files, we concluded that this version slightly differs from the version discussed by researchers in 2020.

The previously documented version of LightSpy's Core for iOS was identified as "6.0.0." However, the version we obtained from this server was "7.9.0." The updates extended beyond the Core itself—the plugin set increased significantly from 12 to 28 plugins. Notably, seven of these plugins have destructive capabilities that can interfere with the device’s boot process.

In this report, we will examine the latest version of LightSpy for iOS, along with its associated plugins.

Research summary

The threat actor expanded support for the iOS platform, targeting up to version 13.3. They utilized the publicly available Safari exploit CVE-2020-9802 for initial access and CVE-2020-3837 for privilege escalation.

The actor ran multiple campaigns with varying sets of plugins. One particular campaign included plugins that could disrupt the operating system’s stability, with capabilities to freeze the device or even prevent it from booting up.
 
