Kaspersky's Global Research and Analysis Team has unveiled a new, lightweight method to detect sophisticated iOS spyware, including notorious threats like Pegasus, Reign and Predator.
Writing in an advisory published today, the researchers said they focused on analyzing the previously overlooked forensic artifact, Shutdown.log, which is stored within the sysdiagnose archive of iOS devices and retains information from each reboot session.
Anomalies associated with Pegasus became apparent during the reboot.
They were then corroborated by observations from the broader cybersecurity community.
Kaspersky researchers suggested that this log file holds the potential for identifying infections related to these malware families.
To empower users in the fight against iOS spyware, Kaspersky experts have also developed a self-check utility shared on GitHub.
This Python3 script facilitates the extraction, analysis and parsing of the Shutdown.log artifact, catering to macOS, Windows and Linux users.
More generally, and in light of the increasing sophistication of iOS spyware, Kaspersky recommended several measures to safeguard against potential attacks.
These include daily reboots to disrupt potential infections, utilizing Apple's Lockdown Mode and disabling iMessage and FaceTime.
Users should also update iOS promptly to install the latest patches, exercise caution with links and regularly check backups and sysdiagnose archives.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 16 Jan 2024 16:30:20 +0000