Security experts at Trend Micro have observed a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor tracked as
Attackers used malicious links spread through posts on forums popular in Hong Kong, which led users to real news sites that were compromised with the injection of a hidden
“A recently discovered watering hole attack has been targeting iOS users in Hong Kong. The campaign uses links posted on multiple forums that supposedly lead to various news stories. While these links lead users to the actual news sites, they also use a hidden iframe to load and execute malicious code.” reads the analysis of the Operation Poisoned
The attack leverages security flaws affecting iOS 12.1 and 12.2 devices, the
The backdoor supports the
The malware also targets popular messenger applications such as Telegram, QQ, and WeChat.
Trent Micro experts uncovered a similar campaign aimed at Android devices in 2019, the threat actors were distributing malicious APKs through public Hong Kong-related Telegram channels.
The researchers tracked the Android malware family as
On February 19, Trend Micro uncovered a watering hole attack targeting iOS users with URLs pointing to a malicious website containing three iframes that pointed to different sites.
“The only visible
Attackers shared the links on forums popular with Hong Kong residents, they used either sex-related,
The analysis of the exploit chain revealed the use of a silently patched Safari issue and a custom kernel exploit exploiting the CVE-2019-8605 flaw that allowed the attackers to gain root privileges.
“Taken together, this threat allows the threat actor to thoroughly compromise an affected device and acquire much of what a user would consider confidential information. Several