Friday, November 22, 2024
Homecyber securityA New iPhone Zero-Click iMessage Zero-Day Used to Deploy Pegasus Spyware

A New iPhone Zero-Click iMessage Zero-Day Used to Deploy Pegasus Spyware

Published on

The security researchers of the Citizen Lab Research Center at the University of Toronto have recently discussed reading a vulnerability in iOS that can be easily exploited in just one click.

However, the report pronounced that this vulnerability was unknown earlier, but the experts came to know about it as this vulnerability was exploiting different attacks since February 2021.

According to the reports, this vulnerability has been exploited in attacks against various activists and protesters in Bahrain. And now the security analysts have detected a new exploit to the Israeli commercial spyware maker NSO Group.

- Advertisement - SIEM as a Service

New iPhone Zero-Click Exploit Popped Up in February 2021 

The new iPhone Zero-click exploits were detected in February 2021, the NSO Group initiated the attacks using the new iMessage zero-click. 

While the Citizen Lab affirmed that while investigating the exploit they noted the FORCEDENTRY exploit strongly deployed against iOS variants 14.4 and 14.6 as a zero-day.

After the specific investigation, the analyst asserted that disabling iMessage will commence to other issues, such as sending unencrypted messages that a resourceful cybercriminal can easily guess.

NSO Group’s Pegasus used in high-profile attacks

This attack has a long string, and the vulnerability is a part of this huge attack. During the investigation, experts noticed that the NSO Group’s Pegasus spyware was utilized to spy on reporters and human rights defenders (HRDs) worldwide.

But, Pegasus is a spyware tool that was specifically produced by Israeli surveillance firm NSO Group. This tool was marketed as surveillance software “licensed to legal government companies for the single purpose of reviewing the crime and terror.”

It’s not the first time that the security authorities have detected the Pegasus tool, as per the report the Citizen Lab has discovered some Pegasus licensees in 2018, which were being used for cross-border surveillance in different countries along with state security services.

Guarding Against Zero-Click Attacks Involves Tradeoffs 

This specific attack might be prevented by disabling iMessage and FaceTime. Apart from these two messaging apps, the NSO Group has successfully exploited many other apps that also include WhatsApp.

Disabling iMessage and FaceTime would not help to stop this attack, and it will not provide complete protection to the victim. Apart from this disabling iMessage is a long method that means the messages transferred via Apple’s built-in Messages app would be sent unencrypted and it makes a way for the threat actors to intercept.

However, the researchers are not clear about the whole concept of the threat actor that they are implementing. But the recent discoveries imply that the NSO Group’s customers are able to remotely compromise all current iPhone models and versions of iOS.

Moreover, there are many programs that the NSO Group is dealing with, that’s why the analysts have suggested all the customers stay alert regarding this kind of attack.

Follow us on Linkedin, Twitter, Facebook for daily Cybersecurity News & Updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to...

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to...