And the final malware payload would automatically download to the victims device before the original malicious message and attachment selfdeleted.
Kasperskys revelation of the new iOS hacking campaign comes on the same day that Russias FSB intelligence service separately announced a claim that the US National Security Agency has hacked thousands of Russians phones.
This is partly because services like iMessage present unusually fertile ground within iOS for discovering vulnerabilities, but also because attacks on iOS devices with this approach are often very difficult for victims to detect.
Kaspersky, arguably one of the best exploit detection companies in the world, was potentially hacked via an iOS zeroday for five years, and it was only discovered now, says longtime macOS and iOS security researcher Patrick Wardle. That shows how ridiculously hard it is to detect these exploits and attacks.
In their report, the Kaspersky researchers point out that one of the reasons for this difficulty is iOSs lockeddown design, which makes it very tough to inspect the operating systems activity.
The campaign, which the researchers callOperation Triangulation andsay is ongoing, appears to date back to 2019 and utilized multiple vulnerabilities in Apples iOS mobile operating system to let attackers take control of victim devices.
Kaspersky says the attack chain utilized zeroclick exploitation to compromise targets devices by simply sending a specially crafted message to victims over Apples iMessage service.