On June 1, 2023, Kaspersky shed light on a highly sophisticated mobile APT that specifically targeted iOS devices. Leveraging zero-click exploits delivered through iMessage, this malicious campaign aimed to gain complete control over devices, compromising user data and engaging in secretive surveillance.
Shockingly, even Kaspersky employees fell victim to this insidious attack, leading researchers to believe its impact stretches far beyond their organization. Keen on unravelling the full scope of this global spyware proliferation, Kaspersky continues to diligently investigate and seek further insights.
The initial report featured a comprehensive description of how to self-check a device for traces of compromise using the MVT tool. Building upon this, Kaspersky has now publicly released the “triangle_check” utility on GitHub. Developed using Python, this utility is designed to automatically scan devices for traces of malware infection, offering users a convenient method to determine if their device has been compromised.
In response to the alarming Operation Triangulation campaign targeting iOS devices, Kaspersky researchers have taken swift action by developing a powerful utility called “triangle_check” for malware detection. This cutting-edge tool, now available on GitHub, is compatible with macOS, Windows, and Linux operating systems.
Before proceeding with the installation, it is essential for users to create a backup of their device. Once the backup is complete, the “triangle_check” utility can be installed and run. Upon scanning, if indicators of compromise are detected, a clear “detected” notification will confirm the device has been infected. In some cases, the tool may display a “suspicion” message, suggesting the presence of less conclusive indicators that point to a likely infection. On the other hand, if no indicators of compromise are found, the reassuring message “No traces of compromise were identified” will be displayed.
Igor Kuznetsov, the head of the EEMEA unit at Kaspersky Global Research and Analysis Team (GReAT), expressed his pride in releasing this invaluable free tool to the public. With its cross-platform capabilities, “triangle_check” empowers users to automatically scan their devices and assess their security status.
“Today we are proud to release a free public tool that allows users to check whether they were hit by the newly emerged sophisticated threat. With cross-platform capabilities, the ‘triangle_check’ allows users to scan their devices automatically,” Kuznetsov said.
Kuznetsov emphasized the importance of collaboration within the cybersecurity community in tackling this emerging APT threat, highlighting the need for a united effort to build a safer digital world. Kaspersky’s commitment to innovation and proactive solutions remains unwavering as they combat the ever-evolving landscape of cyber threats.
“We urge the cybersecurity community to unite forces in the research of the new APT to build a safer digital world,” added Kuznetsov.
To learn more about how to use the “triangle_check”, read the blog post.
To learn more about the “Operation Triangulation”, visit Securelist.com.