LightSpy Malware: An Hidden Threat to iPhone Users

A sophisticated spyware attack has been uncovered, targeting certain iPhones. After Apple issued a warning, cybersecurity experts were able to trace the origins of the LightSpy malware, revealing a highly advanced spyware with potential links to China.

Apple’s Warning to iPhone Users

A few days ago, Apple alerted some of its iPhone users about a potential cyberattack involving “mercenary spyware“. The Californian tech giant sent an email warning to users across 92 different countries, indicating that the attack aimed to remotely control their iPhones. This incident recalls Apple’s commitment to notify users of spyware attacks following the Pegasus scandal in 2021. In that case, the spyware, developed by the Israeli group NSO, enabled state actors to monitor and spy on iPhone users. Apple’s warning system has issued alerts to users from more than 150 countries to date.

Exposing the LightSpy Malware

The investigation into the recent attack led by BlackBerry researchers identified the spyware as LightSpy, a sophisticated iOS malware first discovered in 2020. The spyware was reportedly used by entities with “active servers in China, Singapore, and Russia“. According to BlackBerry, the cybercriminals behind LightSpy are likely of Chinese origin. This resurgence of LightSpy, after years of relative dormancy, brings with it new and “modular” features, with cybercriminals adding a suite of dangerous tools.

The spyware is designed to steal documents stored on an iPhone, as well as files shared through messaging applications like WeChat and Telegram. It can also record all phone calls made with the iPhone and gather highly specific location data, enabling precise tracking of a target. Additionally, the malware can access a user’s contacts, SMS messages, call history, GPS location, Wi-Fi connection history, and browser history on Safari and Chrome.

Suspected Links to Chinese State Actors

The recent attack primarily targeted individuals from South Asia and India, with a focus on journalists, activists, politicians, and diplomats. BlackBerry researchers suggested that the operation might be state-sponsored, given evidence indicating the attackers behind LightSpy are native Chinese speakers. This raises concerns about potential state-backed activities.

In recent weeks, China has faced a slew of cyberattack accusations from various countries. The United States claimed that Beijing had planted espionage malware within the infrastructure of several military bases and water management systems. The United Kingdom also suspects China of being behind a series of attacks against British institutions, including the hacking of the Electoral Commission. China has strongly denied these allegations from both the UK and the US.

The revelation of LightSpy’s identity and its potential ties to China underscore the ongoing threat posed by sophisticated cyberattacks. As Apple continues to investigate and alert users to these dangers, individuals and organizations must remain vigilant against this type of emerging threats and take appropriate measures to secure their devices and data.

Photo Credit: Pungu x / Adobe Stock

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Stan Deberenx

Stan Deberenx is the Editor-in-Chief of Defensorum. Stan has many years of journalism experience on several publications. He has a reputation for attention to detail and journalist standards. Stan is a literature graduate from Sorbonne University, with a master's degree in management from Audencia/University of Cincinnati.