The cybersecurity community has issued a warning regarding a sophisticated cyberattack dubbed “Triangulation” that specifically targets Apple’s mobile devices. The attack aims to compromise iPhones belonging to middle and upper management staff, particularly those working in the web3 sector.
Exploiting vulnerabilities within the iOS operating system, the Triangulation attack relies on hidden iMessages containing malicious payloads to infiltrate devices. Once successfully executed, the malware installs itself without the user’s knowledge or consent, enabling it to clandestinely record and transmit audio, video, and other sensitive data from the device’s microphone, instant messenger, and location services to remote servers.
The malware was discovered using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), a security information and event management (SIEM) tool. KUMA detected network irregularities in Apple devices, leading cybersecurity researchers to identify the Triangulation malware on several iPhones owned by high-ranking personnel.
Given the closed nature of the iOS environment, detecting and removing malware from iPhones remains a challenging task. To address this critical need for early detection and mitigation, security researchers have developed a specialized tool called “triangle_check.” Once thoroughly tested, this tool will be made freely available to assist in identifying signs of compromise in backups created from Apple devices.
Currently, the only available solution to remove the malware from affected iPhones without compromising user privacy is to reset the device to its factory settings and reinstall the latest operating system and user environment. If these measures are not taken, devices running older iOS versions remain vulnerable to reinfection by the Triangulation attack.
Of particular concern is the potential impact on the crypto industry, as hackers gaining unauthorized access to iPhones used by crypto users can exploit leaked private information, including geo-location data and messages. This poses a significant risk to the safety, privacy, and integrity of crypto transactions, potentially leading to wallet breaches, compromised transaction security, and identity theft.