Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

LightSpy Malware Gains New Destructive Power

October 31, 2024
Reading Time: 2 mins read
in Alerts
Android FakeCall Malware Hijacks Bank Calls

A recent version of the LightSpy malware targeting iOS has been reported to include over a dozen new plugins, significantly increasing its destructive capabilities. Discovered by the cybersecurity firm ThreatFabric, this version builds upon the malware’s initial discovery in 2020 when it was linked to data theft from iPhone users in Hong Kong.

The malware previously exploited iOS vulnerabilities to take control of devices and steal a variety of sensitive information, including location data, call and browser history, messages, and passwords. The new research also indicates that LightSpy has expanded its reach, with variants identified for Android and macOS systems. ThreatFabric’s analysis reveals that the updated iOS version of LightSpy has increased its plugin count from 12 to 28, enabling it to perform more extensive malicious activities.

This new iteration targets iOS versions up to 13.3 and leverages two specific vulnerabilities: CVE-2020-9802 for initial access and CVE-2020-3837 for privilege escalation. The initial exploit typically occurs through malicious websites that exploit the Safari browser vulnerability, initiating a complex process that includes a jailbreak stage, loader stage, and the deployment of the malware’s core functionality.

The capabilities of the LightSpy malware have also evolved significantly. In addition to stealing sensitive information, the malware can now execute destructive actions such as preventing devices from booting, deleting browser history, and removing specified contacts and media files. This escalation in destructive potential indicates that the threat actors prioritize erasing traces of their activities on compromised devices. Although the jailbreak used by the malware does not survive device reboots—prompting a regular reboot as a recommended security measure—it does not ensure protection against reinfection.

Further investigations by ThreatFabric have linked the operators of LightSpy to a state-sponsored group, likely of Chinese origin. The malware’s reliance on publicly available exploits and jailbreak kits showcases the attackers’ advanced understanding of device vulnerabilities and modular architecture. This heightened sophistication in the LightSpy malware emphasizes the continuous threat posed by these cybercriminals, who remain capable of adapting their tactics to infiltrate systems and extract valuable data while evading detection.

Reference:

  • https://www.threatfabric.com/blogs/lightspy-implant-for-ios
Tags: Apple iOSCyber AlertsCyber Alerts 2024Cyber threatsiOSOctober 2024
ADVERTISEMENT

Related Posts

Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025
BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025

Latest Alerts

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial