South Asian iPhone Users Beware: iOS Spyware Implant 'Lightspy' Might Target You in Latest Campaign

Lightspy was first documented in 2020.

Cybersecurity researchers have unearthed a "renewed" cyber espionage campaign sweeping through South Asia. This dangerous operation aims to infiltrate users' devices with an Apple iOS spyware implant known as LightSpy.

If you're currently living in Afghanistan, Bangladesh, Bhutan, India, Iran, Maldives, Nepal, Pakistan, or Sri Lanka, watch out for this spyware on your iPhone.

Advanced Features of LightSpy

Image caption: Experts believe that the newest campaign is orchestrated by Chinese hackers. The latest iOS spyware, LightSpy, is targeting South Asian users, most probably iPhone users in India. (Photo: blocks from Unsplash)

Dubbed "F_Warehouse" in its latest iteration, LightSpy boasts an organized modular framework equipped with extensive spying capabilities, as highlighted in a recent report by the BlackBerry Threat Research and Intelligence Team.

Evidence suggests that the campaign may have specifically targeted users in India, based on VirusTotal submissions originating from within the country.

Evolution of LightSpy

Initially identified in 2020 by Trend Micro and Kaspersky, LightSpy operates as an advanced iOS backdoor. It spreads through watering hole attacks, leveraging compromised news websites.

An analysis by ThreatFabric in October 2023 revealed striking infrastructure and functionality similarities between LightSpy and DragonEgg, an Android spyware linked to the Chinese nation-state group APT41 (aka Winnti).

Intrusion Vector

While the exact entry point remains unclear, it's suspected that the initial intrusion occurred through breached news websites frequented by the targeted individuals, The Hacker News reports.

How LightSpy Operates

LightSpy is a full-featured espionage tool, capable of harvesting sensitive data such as contacts, SMS messages, location information, and sound recordings from VoIP calls. Its latest version extends its reach to steal files and data from popular apps like Telegram, QQ, and WeChat, along with iCloud Keychain data and web browser history.

Advanced Espionage Features

Moreover, LightSpy can compile a list of connected Wi-Fi networks, gather details about installed apps, capture images using the device's camera, record audio, and execute shell commands received from the server, potentially granting full control over infected devices.

Potential State-Sponsored Activity

Examination of the implant's source code suggests the involvement of native Chinese speakers, hinting at potential state-sponsored activity. LightSpy communicates with a server located at 103.27[.]109[.]217, hosting an administrator panel with error messages in Chinese.

Escalating Mobile Espionage Threats

The resurgence of LightSpy, now equipped with the versatile "F_Warehouse" framework, underscores a significant escalation in mobile espionage threats, posing severe risks to individuals and organizations across Southern Asia, according to BlackBerry.

"LightSpy employs certificate pinning to prevent detection and interception of communication with its command-and-control (C2) server. Thus, if the victim is on a network where traffic is being analyzed, no connection to the C2 server will be established," BlackBerry said.
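The pinning behaviour described above has a practical consequence for defenders: on a network with TLS inspection, the implant's beacon may leave nothing but a reset or half-open session to the C2 address, so a hunt that only looks for completed TLS sessions will miss it. As an added example that is not part of the article or of BlackBerry's report, the following Python script scans constructed Zeek-style conn.log lines and flags every attempt to reach the reported C2 address 103.27[.]109[.]217, established or not. The log lines, internal hostnames and abridged field layout are constructed for illustration; only the C2 address comes from the article.

```python
"""Hunt for LightSpy C2 attempts in Zeek-style conn.log records.

Added example, not code from the article or the BlackBerry report. The C2
address is the one the article reports; the log lines below are constructed
and the column layout is the default Zeek conn.log order, abridged.
"""
from collections import Counter

# Constructed sample records; abridged Zeek conn.log columns:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, service, conn_state
SAMPLE_CONN_LOG = """\
1713000001.000\tC1\t10.0.0.12\t51002\t142.250.74.46\t443\ttcp\tssl\tSF
1713000002.000\tC2\t10.0.0.12\t51003\t103.27.109.217\t443\ttcp\t-\tRSTO
1713000003.000\tC3\t10.0.0.12\t51004\t103.27.109.217\t443\ttcp\tssl\tRSTR
1713000004.000\tC4\t10.0.0.20\t51005\t103.27.109.217\t80\ttcp\thttp\tSF
1713000005.000\tC5\t10.0.0.30\t51006\t8.8.8.8\t53\tudp\tdns\tSF
"""

FIELDS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto", "service", "conn_state")

# Indicator from the article (defanged there as 103.27[.]109[.]217).
C2_INDICATORS = frozenset({"103.27.109.217"})

# Zeek conn_state values meaning the connection never completed or was reset
# by one side; a pin mismatch behind an inspection proxy shows up this way.
ABORTED_STATES = frozenset({"S0", "REJ", "RSTO", "RSTR", "RSTOS0", "RSTRH", "SH", "SHR"})


def parse_conn_log(text):
    """Parse abridged conn.log lines into dicts; skips blank, comment and malformed lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue  # malformed line: ignore rather than crash a hunt script
        records.append(dict(zip(FIELDS, parts)))
    return records


def find_c2_attempts(records, indicators=C2_INDICATORS):
    """Return every connection attempt to a C2 indicator, established or not.

    The match deliberately does not require a completed TLS handshake: if the
    implant refuses to talk through an intercepting proxy, the only trace is
    an aborted session, and that is still a strong signal.
    """
    hits = []
    for rec in records:
        if rec["resp_h"] in indicators:
            hits.append({
                "uid": rec["uid"],
                "src": rec["orig_h"],
                "dst": rec["resp_h"],
                "dport": int(rec["resp_p"]),
                "conn_state": rec["conn_state"],
                "aborted": rec["conn_state"] in ABORTED_STATES,
            })
    return hits


def hosts_to_triage(hits):
    """Count attempts per internal host so the noisiest device is looked at first."""
    return Counter(h["src"] for h in hits)


if __name__ == "__main__":
    attempts = find_c2_attempts(parse_conn_log(SAMPLE_CONN_LOG))
    for h in attempts:
        flag = "ABORTED (possible pin mismatch)" if h["aborted"] else "established"
        print(f"{h['uid']} {h['src']} -> {h['dst']}:{h['dport']} {h['conn_state']} {flag}")
    print("hosts to triage:", dict(hosts_to_triage(attempts)))
```

Run against the constructed sample, the script reports three attempts from two internal hosts: two reset TLS sessions on port 443 from 10.0.0.12 and one established HTTP session from 10.0.0.20. The point of the `aborted` flag is that a burst of reset sessions to a known C2 address on an inspected segment should be triaged as a likely infection rather than dismissed as a failed connection.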

Recently, mercenary spyware targeted iPhone users in 92 countries. The Cupertino firm warned affected users that their devices might have been remotely compromised by an unidentified group of attackers.

Earlier this year, another iPhone spyware threat made headlines: the infamous Pegasus spyware, which can interfere with device reboots and capture the user's personal information. Kaspersky, however, shared some ways to protect yourself from this iOS spyware.

Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.