Tag Archive for: ‘ZeroClick’

Kaspersky Discloses Apple Zero-Click Malware


Russian Government Claims It Uncovered ‘Several Thousand’ Infections

iPhones for sale in St. Petersburg, Russia, in August 2021 (Image: Shutterstock)

Russian cybersecurity firm Kaspersky said it uncovered zero-click malware infecting staffers’ iPhones on the same day the Kremlin claimed it had uncovered a “reconnaissance operation by American intelligence agencies.”


Kaspersky, in a Thursday blog post, said the malware has been active at least since 2019 and infects devices with an iMessage attachment that automatically triggers code execution. Kaspersky calls the campaign behind the malware Operation Triangulation.

Russian domestic intelligence agency the Federal Security Service said it had uncovered several thousand iPhones infected with the same malware and accused Apple of collaborating with the U.S. National Security Agency.

The malware exfiltrates data including microphone recordings, photos from instant messaging apps, geolocation and other sensitive data. The Russian National Coordination Center for Computer Incidents issued a bulletin listing the same set of 15 malware command-and-control domains that Kaspersky identified.

Apple, which has a well-documented history of defying U.S. government attempts to weaken its security, issued a terse statement.

“We have never worked with any government to insert a backdoor into any Apple product and never will,” an Apple spokesperson said.

The smartphone giant also said that Kaspersky had reported the malware doesn’t work past the iOS 15.7 iPhone operating system. Apple introduced iOS 16 to the public last September.

A Kaspersky spokesperson said the company determined one of the vulnerabilities used by the malware was CVE-2022-46690, an out-of-bounds…

Source…

Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit


Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East.

According to findings from a group of researchers from the Citizen Lab, the spyware campaign was directed against journalists, political opposition figures, and an NGO worker in 2021. The names of the victims were not disclosed.

It’s also suspected that the company abused a zero-click exploit dubbed ENDOFDAYS in iOS 14 to deploy spyware as a zero-day against versions 14.4 and 14.4.2. There is no evidence that the exploit has been used after November 2021.

ENDOFDAYS “appears to make use of invisible iCloud calendar invitations sent from the spyware’s operator to victims,” the researchers said, adding the .ics files contain invites to two backdated and overlapping events so as to not alert the users.

The attacks are suspected to have leveraged a quirk in iOS 14 whereby any iCloud calendar invitation with a backdated time received by the phone is automatically processed and added to the user’s calendar without any notification or prompt.

The Microsoft Threat Intelligence team is tracking QuaDream as DEV-0196, describing it as a private sector offensive actor (PSOA). While the cyber mercenary company is not directly involved in targeting, it is known to sell its “exploitation services and malware” to government customers, the tech giant assessed with high confidence.

The malware, named KingsPawn, contains a monitor agent and the primary malware agent, both of which are Mach-O files written in Objective-C and Go, respectively.

While the monitor agent is responsible for reducing the forensic footprint of the malware to evade detection, the main agent comes with capabilities to gather device information, cellular and Wi-Fi data, harvest files, access the camera in the background, access location, call logs and the iOS Keychain, and even generate an iCloud time-based one-time password (TOTP).

Other samples support recording audio from phone calls and the microphone, running queries in SQL databases, and cleaning up forensic trails, such as deleting all calendar events from two years prior…

Source…

Galaxy S23 Gets Samsung Message Guard To Protect Against Zero-Click Hacks


In a press note announcing Samsung Message Guard, the company describes the solution as an advanced “sandbox” and a “virtual quarantine.” The primary objective of Message Guard is to isolate messages delivered to the smartphone before they can access the device’s files and operating system. Every time a text message is delivered to a Samsung smartphone protected by Message Guard, the tool checks the file bit by bit. This process happens in a controlled environment in such a way that it cannot infect the rest of the smartphone.

Samsung claims that the Message Guard tool preemptively neutralizes any threat hidden in text messages and image files before it can harm the device. What makes the tool even more effective is that it does not need to be enabled separately by the user, and runs invisibly in the background without needing any user interaction.

In its current form, the tool works with Samsung’s own Messaging app as well as Google Messages. However, Samsung has promised a software update that will also widen the protection net to third-party messaging apps.

Samsung Message Guard is currently enabled by default on the company’s newest Galaxy S23 smartphones. However, the solution will roll out to a broader lineup of Galaxy smartphones and tablets later this year, the company confirmed.

Source…

How Samsung’s New ‘Message Guard’ Protects Your Phone From ‘Zero-Click’ Attacks


Photo:  Framesira (Shutterstock)


Hackers and bad actors are always looking for new methods of attack. One of those attacks is known as “zero-click,” which can infect your phone without you having to do anything at all. Samsung wants to be the face of the solution to this emerging problem, implementing a new security tool for its latest devices known as Samsung Message Guard.

What are “zero-click” exploits?

Zero-click exploits are a particularly nasty kind of security vulnerability. While many attacks rely on you, the user, clicking on a malicious URL or downloading a file containing malware, zero-click exploits don’t require you to do a thing for the attack to succeed. All a bad actor needs to do is send you the malicious file: once you receive the message on your phone, you’re already infected.


How Samsung Message Guard keeps your phone safe

With Samsung Message Guard enabled on your device, the tool looks out for incoming images in your messages. When one arrives, it isolates that image and doesn’t allow it to communicate with the rest of the device, in what’s known as a “sandbox.”

Message Guard then scans the message bit by bit for any trace of malicious code. If there is an issue, the image’s code is unable to reach any other part of your phone, preventing a zero-click attack from ever occurring. It’s a smart strategy, and hopefully ruins the day of anyone relying on zero-click to spread malware around our smartphones.

Which phones are compatible with Samsung Message Guard?

At launch, Samsung Message Guard is only available on the latest suite of Galaxy devices, which includes the Galaxy S23, S23+, and S23 Ultra. Samsung has plans for Message Guard to roll out to other Galaxy phones and tablets later this year, so long as the device is running One UI 5.1.

This isn’t a gimmick to force you to use Samsung Messages, either. If you prefer Google’s Messages app, keep using it, since Samsung Message Guard works with it as well. Even better, Samsung plans to issue an update at a later point, allowing Message Guard to work with third-party chat apps.

[The Verge]


Source…