Forwarded from Pegasus NSO & other spyware
Dissecting TriangleDB, a Triangulation spyware implant | Securelist, June 2023
#FORCEDENTRY #Ios #TriangleDB
Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a malicious attachment, and for getting root privileges through a vulnerability in the kernel. Due to this granularity, discovering one exploit in the chain often does not result in retrieving the rest of the chain and obtaining the final spyware payload. In 2021, analysis of iTunes backups helped to discover an attachment containing the FORCEDENTRY exploit. However, during post-exploitation, the malicious code downloaded a payload from a remote server that was not accessible at the time of analysis. Consequently, the analysts lost "the ability to follow the exploit."