Warning: LightSpy iOS Spyware Campaign Resurfaces
A team of cybersecurity experts has detected a resurgence of a cyberespionage campaign targeting users in South Asia. The objective of these attacks is to deploy a new version of the malicious software LightSpy, specifically targeting iOS users.
“The latest iteration of LightSpy, dubbed “F_Warehouse”, boasts a modular framework with extensive spying features,” reported the research division of BlackBerry.
According to experts, this malicious campaign appears to be predominantly directed at India, as evidenced by numerous submissions of samples to VirusTotal from the region.
LightSpy is a sophisticated iOS backdoor first identified in 2020. It is primarily spread through compromised news websites. In October 2023, specialists at ThreatFabric established a connection between LightSpy and the Android malware DragonEgg, which is attributed to the Chinese group APT41.
The initial point of infection for the latest malicious campaign remains uncertain, but researchers suggest that compromised news resources have once again been exploited.
Once fully deployed, LightSpy enables perpetrators to gather from the victims’ iPhones contacts, SMS messages, location data, and record audio during VoIP calls. Moreover, the latest version of the malware can even steal data from popular messengers, iCloud passwords, and browser histories.
The malware utilizes “Certificate Pinning” technology to prevent detection of its communication with a command server. Additionally, code analysis suggests the involvement of Chinese-speaking developers, indicating potential backing by the Communist Party of China.
“The return of LightSpy, now equipped with the versatile “F_Warehouse” framework, signals an escalation in mobile espionage threats. The expanded capabilities of the malware, including extensive data exfiltration, audio surveillance, and potential full device control, pose a severe risk to targeted individuals and organizations in Southern Asia,” concluded the BlackBerry experts.