Blog
Share This Post
[ad_1]
SecurityWeek reports that more than a dozen new plugins have been introduced to the LightSpy surveillance tool for iOS, bringing the total number of plugins to 28, many of which have destructive capabilities.
After exploiting the Safari remote code execution flaw, tracked as CVE-2020-9802, for initial access, the updated LightSpy payload triggers an exploit chain with jailbreak and loader stages prior to malware core delivery on devices running on iOS versions up to 13.3, according to ThreatFabric researchers. Aside from enabling photo and screenshot capturing, sound recording, file deletion, and message, contacts, and call and browser history compromise, the new LightSpy variant also facilitates the deletion of browser history, media files, selected SMS messages, and certain contacts, as well as prevents device booting and omit Wi-Fi network configuration profiles, the report noted. “[The destructive capabilities suggest] that the threat actors valued the ability to erase attack traces from the device,” said researchers.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
