A new security blog post surfaced online, suggesting that LightSpy, a piece of spyware that appears to have Chinese connections, was responsible for the most recent attack on Apple iPhones.
Apple warned users in 92 countries on April 11, 2024, about a “mercenary spyware attack” that it believed may have affected them. Regarding the attack itself, Apple disclosed only that it was an attempt to “remotely compromise the iPhone.”
A research and intelligence post on the BlackBerry Blog states that hackers used LightSpy, “a sophisticated iOS implant,” in the attack. The implant appears to be making a comeback in a new form, even though it had apparently not been seen since 2020, when it was last observed in a campaign during the political unrest in Hong Kong.
It appears that hackers are now using LightSpy to target iPhone users in Southern Asia and India.
The blog says, “Evidence such as code comments and error messages strongly suggest the attackers behind LightSpy are native Chinese speakers, raising concerns about potential state-sponsored activity.”
The post explains how LightSpy operates and evades detection once it is installed on an iPhone. The report posits that LightSpy is delivered through a “watering-hole attack,” a technique in which attackers compromise websites that the target group frequently visits in order to gain access to their iPhones.
One of the spyware’s modular versions, “LightSpy F_Warehouse,” offers a variety of spying capabilities. These include targeting private files and media on the iPhone and extracting files from apps such as WeChat and Telegram, among others.
According to BlackBerry, LightSpy can also covertly capture audio, including VoIP calls, from an infected iPhone. At the same time, it can collect what the blog describes as hyper-specific location data.
BlackBerry recommends enabling Apple’s Lockdown Mode for people who may be targeted because of their activism or their line of work.