Earlier in August, security researchers at Google’s Project Zero disclosed a wild iOS exploit that would allow malware to take complete control of a targeted device with no interaction from the device's user. Apple finally fixed the issue, and there is no sign that the exploit was actually used in the wild.
However, the same cannot be said about new malware recently uncovered by security researchers at Google’s Project Zero. In a shocking report, Ian Beer of Project Zero discloses how a number of hacked websites spread malware to any iOS device that visited them. According to reports, the malware depended upon quite a few 0-day vulnerabilities in iOS and infected devices running iOS 10 through iOS 12.
The sites distributing the malware weren’t named, but they are said to receive more than a thousand visitors per week. As for the complexity of the attack, the malware depended upon a series of 14 security exploits.
Beer says, “TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”
Once an infected website was visited, malware installed on the device started collecting all types of sensitive user info in the background. The report says this iOS malware was able to gather a lot of data, including text messages, photos, and GPS location in real time.
These impacted websites were reported to have been in operation for two years before Google came across them. This past February, Apple fixed the issue with a security update.
Google’s researchers don’t directly identify who was targeted, but they do hint that the campaign focused on people belonging to a “certain ethnic group.” Many security researchers believe that the malware is backed by a state.