The LightSpy spyware has been used by cyberespionage groups to spy on users of iPhones, iPads, and other mobile devices in South Asia in a recent campaign. According to reports, the operators behind the campaign are China-based hackers who have been planning surveillance attacks against a specific area.
In addition, this latest version of LightSpy, codenamed 'F_Warehouse,' features a modular structure that significantly enhances the program's spying abilities.
Because most of the allegedly infected individuals are from India, initial investigations suggest a possible focus on that country.
Researchers found that the Apple iOS spyware known as LightSpy is being used in cyber espionage campaigns targeting South Asia. This sophisticated mobile spyware has resurfaced after several months of inactivity.
In a report published by the BlackBerry Threat Research and Intelligence Team, cyber security researchers state that the most recent LightSpy campaign uses an extremely sophisticated spying framework combined with a modular framework.
To protect its command-and-control servers from interception and detection, LightSpy employs certificate pinning. The campaign is believed to primarily target iPhone users in India, although incidents have also recently been reported in Bangladesh, Sri Lanka, Afghanistan, Pakistan, Bhutan, the Maldives, and Iran.
Hackers are suspected of deploying LightSpy through compromised websites, as in previous campaigns, which used hacked news websites carrying Hong Kong-related stories.
The BlackBerry report explains that the loader delivers the core implant along with several plugins that extend the capabilities of the primary backdoor.
LightSpy is considered an iOS backdoor that spreads via watering hole attacks, in which attackers infect popular websites and then compromise the systems or mobile devices of targeted users who visit those infected sites.
According to BlackBerry, the latest spyware attacks may have been staged through infected news websites that were visited by targeted individuals, who then ended up with LightSpy installed on their computers.
Spyware of this kind usually gathers information such as phone numbers, SMS messages, exact location and voicemail from your computer, among other things.
The report attributes the attack to Chinese hackers, because its infrastructure and functionality closely resemble those of the DragonEgg spyware, which has been linked to a Chinese nation-state hacker group.
Specifically, the report says LightSpy can harvest location data, sound recordings, contacts, SMS messages, and data from apps such as WeChat and Telegram to extract sensitive information from the phone.
The re-emergence of the LightSpy implant highlights the growing threat of mobile espionage campaigns. Apple's security updates are all the more important after the recent mercenary spyware attacks that affected iPhone users in 92 countries, and this campaign fits the same pattern.
As BlackBerry points out, the most recent version of LightSpy, discovered this month, can also retrieve files and data from popular apps such as Telegram and WeChat, iCloud Keychain data, and browsing history from Safari and Chrome. Two signs point to possible state-sponsored involvement in LightSpy's development: certificate pinning, which prevents interception of communication with its C2 server, and Chinese-language artefacts in the implant's source code.
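Both mentions of certificate pinning above describe the same mechanism: the client carries a hash of the expected server key and refuses any TLS connection presenting a different one, which is why a network interception proxy with its own certificate cannot decrypt the implant's C2 traffic. The following added example, written for this article and not taken from the BlackBerry report or from LightSpy itself, shows how an RFC 7469-style SPKI pin is computed and checked. The certificates, keys and the host name `c2.example.invalid` are constructed placeholders built with a minimal DER encoder, not real artefacts from the campaign.

```python
"""SubjectPublicKeyInfo (SPKI) certificate pinning, shown on constructed DER data."""
import base64
import hashlib

SEQUENCE, INTEGER, BITSTRING, OID, UTF8STRING, EXPLICIT_0 = 0x30, 0x02, 0x03, 0x06, 0x0C, 0xA0
ID_EC_PUBLIC_KEY = b"\x2a\x86\x48\xce\x3d\x02\x01"       # 1.2.840.10045.2.1
ECDSA_WITH_SHA256 = b"\x2a\x86\x48\xce\x3d\x04\x03\x02"  # 1.2.840.10045.4.3.2


def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag, payload):
    return bytes([tag]) + der_len(len(payload)) + payload


def read_tlv(buf, pos):
    """Return (tag, value, position after this TLV) for the element at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def fake_certificate(subject, pubkey_bytes, serial=1):
    """Constructed stand-in for an X.509 certificate with the real TBSCertificate field order."""
    version = der(EXPLICIT_0, der(INTEGER, b"\x02"))          # v3
    serial_tlv = der(INTEGER, bytes([serial]))
    sig_alg = der(SEQUENCE, der(OID, ECDSA_WITH_SHA256))
    name = der(SEQUENCE, der(UTF8STRING, subject.encode()))
    validity = der(SEQUENCE, b"")                             # empty placeholder
    spki = der(SEQUENCE, der(SEQUENCE, der(OID, ID_EC_PUBLIC_KEY))
               + der(BITSTRING, b"\x00" + pubkey_bytes))
    tbs = der(SEQUENCE, version + serial_tlv + sig_alg + name + validity + name + spki)
    signature = der(BITSTRING, b"\x00" + b"\x00" * 8)          # not a real signature
    return der(SEQUENCE, tbs + sig_alg + signature)


def extract_spki(cert_der):
    """Walk Certificate -> TBSCertificate and return the full SubjectPublicKeyInfo TLV."""
    _, cert_body, _ = read_tlv(cert_der, 0)       # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert_body, 0)            # tbsCertificate SEQUENCE
    pos = 0
    tag, _, nxt = read_tlv(tbs, pos)
    if tag == EXPLICIT_0:                         # optional [0] EXPLICIT version
        pos = nxt
    for _ in range(5):                            # serial, signature, issuer, validity, subject
        _, _, pos = read_tlv(tbs, pos)
    tag, _, end = read_tlv(tbs, pos)
    if tag != SEQUENCE:
        raise ValueError("expected SubjectPublicKeyInfo SEQUENCE")
    return tbs[pos:end]                           # the whole TLV is what RFC 7469 hashes


def spki_pin(cert_der):
    """Pin value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def pin_matches(cert_der, pinned_values):
    """A pinning client accepts the server only if its SPKI hash is in the pin set."""
    return spki_pin(cert_der) in pinned_values


# Constructed keys: the genuine server key and the key of an inspection proxy.
SERVER_KEY = bytes(range(1, 33))
PROXY_KEY = bytes(range(100, 132))

GENUINE = fake_certificate("c2.example.invalid", SERVER_KEY, serial=1)
REISSUED = fake_certificate("c2.example.invalid", SERVER_KEY, serial=2)   # renewed cert, same key
INTERCEPTED = fake_certificate("c2.example.invalid", PROXY_KEY, serial=3)  # same name, proxy key

PINS = {spki_pin(GENUINE)}

if __name__ == "__main__":
    print("genuine     :", pin_matches(GENUINE, PINS))
    print("reissued    :", pin_matches(REISSUED, PINS))
    print("intercepted :", pin_matches(INTERCEPTED, PINS))
```

Pinning the SPKI rather than the whole certificate is what lets the server renew its certificate without breaking clients, while a proxy that presents its own key for the same host name is rejected. For defenders this means TLS inspection alone will not expose a pinning implant's traffic; detection has to lean on the other indicators the report describes, such as the delivery sites, the loader and plugin files, and the C2 infrastructure itself.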
Apple's recent threat notifications, sent to users in 92 countries including India, show that the situation has become more severe. It is unsurprising that LightSpy, a mobile spy tool with attractive new capabilities, has resurfaced; it now poses an alarming threat to individuals and organisations throughout South Asia and marks an alarming escalation in mobile spying attacks.