Cybersecurity firm Kaspersky has launched a tool to identify ‘Triangulation’ malware on Apple iPhones and other iOS devices. The malware, discovered on Kaspersky’s network, has infected multiple iOS devices globally since at least 2019.
The ‘Operation Triangulation’ campaign exploits a previously unknown (zero-day) vulnerability in iMessage to execute code without user interaction; further payloads are then downloaded to execute commands and collect information.
Kaspersky’s ongoing analysis of the malware has prompted the release of an automated Triangulation scanner for Windows and Linux. Users must first create a backup of their iOS device; Kaspersky’s ‘triangle_check’ scanner is then run against that backup to analyze it.
The scanner reports one of three results: “DETECTED” indicates a confirmed infection; “SUSPICION” means indicators of compromise were found but the evidence is not conclusive; and “No traces of compromise” means no signs of infection by this specific malware family were found.
While the origin and orchestrators of Operation Triangulation remain unknown, targeted malware campaigns like this primarily aim at specific individuals or organizations. Kaspersky’s tool provides a useful resource for individuals in critical roles, those at a heightened risk of state-sponsored espionage, and individuals working in information hub companies or services.
Ongoing analysis may reveal additional indicators of compromise or new variants targeting more recent iOS releases.