Following the report on the Operation Triangulation campaign targeting iOS devices, Kaspersky researchers have released a special ‘triangle_check’ utility that automatically searches for the malware infection. The tool is publicly shared on GitHub and available for macOS, Windows and Linux.
At the beginning of June 2023, Kaspersky reported on a new mobile APT targeting iOS devices. The campaign employs zero-click exploits delivered via iMessage to install malware and gain complete control over the device and user data, with the ultimate goal of covertly spying on users. Among the victims were Kaspersky’s own employees; however, the company’s researchers believe the scope of the attack extends far beyond the organization. Continuing the investigation, Kaspersky researchers aim to bring more clarity and further details on the worldwide proliferation of this spyware.
“Today we are proud to release a free public tool that allows users to check whether they were hit by the newly emerged sophisticated threat. With cross-platform capabilities, the ‘triangle_check’ allows users to scan their devices automatically. We urge the cybersecurity community to unite forces in the research of the new APT to build a safer digital world,” commented Igor Kuznetsov, Head of the EEMEA unit, Kaspersky Global Research and Analysis Team (GReAT).
Before installing the utility, the user should first create a backup of the device. Once the backup copy is created, the user can install and run the tool. If indicators of compromise are detected, the tool will show a “DETECTED” notification that confirms the device has been infected. A “SUSPICION” message indicates that less conclusive indicators were detected, pointing to a likely infection. A “No traces of compromise were identified” message will be shown if no IoCs were detected at all.