Apple iPhone users have been issued a new warning after security researchers found a prolific and dangerous spyware campaign has returned. Researchers from security outfit and former smartphone giant BlackBerry discovered a spyware campaign dubbed “LightSpy” targeting iPhone users in Southern Asia and “probably India.”
It comes after Apple issued a spyware warning last week, with iPhone users in 92 countries receiving alerts to indicate their device may have been compromised. The LightSpy campaign ties in with this warning, with iPhones in India being targeted, submissions from malware analysis website VirusTotal show.
Researchers from BlackBerry discovered a spyware campaign dubbed “LightSpy” targeting iPhone users … [+]
The location of the iPhone spyware campaign potentially indicates “a renewed focus on political targets and tensions in the region,” according to the blog posted by the BlackBerry researchers.
LightSpy is “particularly dangerous” because it can allow an attacker to locate their target with “near-perfect accuracy,” the BlackBerry researchers said.
What is LightSpy iPhone spyware?
It’s not the first time LightSpy has been discovered. The iPhone spyware—described as a “sophisticated iOS implant,” was first reported in 2020 amid rising political tensions in Hong Kong.
The latest iteration of LightSpy has more extensive spying features than the first, the researchers said.
“Specifically, it is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims’ private information, including hyper-specific location data and sound recording during voice over IP (VOIP) calls.”
LightSpy possesses modules designed to exfiltrate iPhone device information and saved files, including data from popular messenger applications such as QQ, WeChat, and Telegram. It also has a plugin capable of crawling the payment history of the victim from WeChat Pay (Weixin Pay in China).
The iPhone spyware can access a user’s contacts, SMS messages, phone call history, GPS location, connected WiFi history and the browser history of Safari and Chrome. “This comprehensive set of features can turn a user’s infected phone into a potent spying device,” the researchers warned.
Evidence such as code comments and error messages strongly suggest the attackers behind LightSpy are native Chinese speakers, raising concerns about potential state-sponsored activity, BlackBerry’s researchers said.
New iPhone Spyware Warning—The Risk
It’s a scary warning and something that all iPhone users should be careful of. However, spyware tends to target a specific subset of users.
“Though typically deployed against a very small percentage of individuals—most usually journalists, activists, politicians and diplomats—hyper-focused spyware attacks are an ongoing and global threat,” BlackBerry researchers warned.
Any iPhone users who fit into this category can use Apple’s super-secure anti-spyware tool Lockdown Mode to help prevent an attack.
Spyware itself is very hard to detect, but signs your iPhone could be compromised include a very hot or a slowed device. It’s worth noting that if you switch off your iPhone, it can sometimes disrupt spyware temporarily.
In the case of LightSpy, BlackBerry reckons initial infection likely occurs through compromised news websites carrying stories related to Hong Kong. Therefore, be very careful of the sites you visit and links you click on your iPhone. Only download from sources you trust.
The most important thing here is to ensure you always update your iPhone to the latest software, in this case iOS 17.4.1, by visiting Settings > General > Software Update and downloading and installing it now.