Carding 4 Carders
Hackers are getting more sophisticated.
In early summer, Kaspersky Lab experts discovered a large-scale cyber operation aimed at infecting the iPhones of Russian users. This operation is called "Operation Triangulation". Russian officials blamed the American special services for organizing it.
Apple has declared its non-involvement in spyware attacks and released patches to fix vulnerabilities that were used for hacking.
Many Russian organizations have decided to stop using the iPhone. Meanwhile, Kaspersky Lab continued to investigate this operation.
According to a recent report, the attackers behind "Operation Triangulation" made every effort to hide their activity. Their software collected extensive information from devices, including audio recordings, messenger data, photo metadata, and more. Special attention should be paid to the fact that the malware could also function on computers running the macOS operating system.
Highlights of the report:
Validation components: Describes the infection chain of the "Triangulation" operation, where a malicious iMessage is sent to the device, triggering the execution of the exploit chain, which ultimately leads to loading the TriangleDB implant. There are two "validators" in this chain: a JavaScript-based one and a binary validator. These validators collect and send various information about the victim's device to the command server. This is done to make sure that the iPhone or iPad to which TriangleDB is about to be downloaded is not a research device.
JavaScript validator: The infection chain starts when the user receives an iMessage with an attachment containing the exploit. This exploit opens an HTML page on the domain backuprabbit[.]com, where the obfuscated JavaScript code and the encrypted payload (the JavaScript validator) are located. This validator performs many checks, including using canvas fingerprinting to collect data about the device.
Binary validator: This validator is a Mach-O binary file and runs before loading TriangleDB. It decrypts the configuration using the AES algorithm and performs a number of actions, such as deleting logs, searching for traces of malicious iMessage messages, and collecting user data.
Search for traces in logs: The attackers behind the "Triangulation" operation strive for maximum secrecy. After all exploits have executed successfully and the implant is running on the device, it sends a signal message to the command server. It then receives commands related to finding logs that may contain traces of infection.
The report highlights the complexity and sophistication of the methods used by attackers, and the need for constant monitoring and analysis of threats to ensure the security of devices.
