Victim of spyware installed via iMessage, Kaspersky publishes a tool to see if you too

Several Kaspersky employees have had their iPhones infected with spyware via a zero-click attack on iMessage. The security publisher does not think it was targeted in particular and publishes a utility to detect if a device is affected.

Security specialist Kaspersky identified an attack by monitoring its own WiFi network. After analysis, it turns out that several employees of the company were victims of a sophisticated APT attack via an iMessage message on their iPhone requiring no click to contaminate it. While the spyware thus installed transmits private information (geolocation, photos, microphone recording, chat) to remote servers, Kaspersky ensures that no customer information has leaked, only data from employee devices.

“When it comes to cybersecurity, even the most secure operating systems can be compromised. As APT players constantly evolve their tactics and look for new weaknesses to exploit, companies must prioritize the security of their systems. This includes prioritizing employee training and awareness, and providing them with the latest threat intelligence and tools to effectively recognize and defend against potential threats,” comments Igor Kuznetsov, Head of Unit EEMEA from Kaspersky Global Research and Analysis Team (GReAT).

Kaspersky has also just published on GitHub a utility for macOS, Windows and Linux in Python, which allows users to automatically search for traces of infection and thus check if their device has been infected. The publisher indicates that the user must make a backup of his device before installing and running the tool in question.