Following the report on the Operation Triangulation campaign targeting iOS devices, Kaspersky researchers have released a special “triangle_check” utility that automatically searches for the malware infection. The tool is publicly shared on GitHub and available for macOS, Windows and Linux.
On June 1, 2023, Kaspersky reported about a new mobile APT that has been targeting iOS devices. The campaign employs zero-click exploits delivered via iMessage to install malware and gain complete control over the device and user data, with the ultimate goal of hiddenly spying on users. Among the victims were Kaspersky’s own employees; however, the company’s researchers believe the scope of the attack extends far beyond the organization. Continuing the investigation, Kaspersky researchers aim to bring more clarity and further details on the worldwide proliferation of this spyware.
The initial report already included a detailed description for self-checking compromise trail mechanisms using the MVT tool. Recently, Kaspersky publicly released on GitHub a special utility called “triangle_check”. This utility, available for macOS, Windows and Linux in Python, allows users to automatically search for traces of malware infection and therefore check whether a device has been infected or not.
Before installing the utility, the user should first do a backup of the device. Once a back up copy is created, a user can install and run the tool. If indicators of compromise are detected, the tool will show a “DETECTED” notification that confirms the device has been infected. The “SUSPICION” message indicates detection of less unambiguous indicators – pointing to a likely infection. A “No traces of compromise were identified” message will be shown if no IoCs were detected at all.
“Today we are proud to release a free public tool that allows users to check whether they were hit by the newly emerged sophisticated threat. With cross-platform capabilities, the “triangle_check” allows users to scan their devices automatically,” commented Igor Kuznetsov, head of the EEMEA unit at Kaspersky Global Research and Analysis Team (GReAT).
“We urge the cybersecurity community to unite forces in the research of the new APT to build a safer digital world,” added Kuznetsov.
To learn more about how to use the “triangle_check”, read the blogpost.
To learn more about the “Operation Triangulation”, visit Securelist.com.