How to check if your iPhone is infected with Operation Triangulation malware

Recently, Kaspersky discovered a vulnerability in iPhone security that allows malware to be installed on a phone without requiring any action from the user. According to the Russian security company, receiving a message with a compromised attachment via iMessage is enough to infect the device.

Among the information collected by the spy program are images sent in messaging applications, microphone recordings, geolocation and other activity logs on the device itself.

Although this malware targets specific people and companies, Kaspersky has released a tool so that anyone can check whether their Apple device is compromised. See below how to use it.

Before starting, make a backup

Before checking if your Apple device is infected with malware, you need to back up your device. This is because iOS has several security mechanisms (sandboxing, data encryption, and code signing) that prevent real-time system scans.

Windows

  1. Connect your device and open iTunes. If necessary, unlock the device and confirm that you trust the computer.
  2. Right-click your device icon in iTunes and select “Backup.”
  3. The created backup will be saved in %appdata%\Apple Computer\MobileSync\Backup.

macOS

  1. Connect your device and, if necessary, confirm that you trust the computer.
  2. Open Finder, select your device and click “Create a backup”.
  3. The created backup will be saved in ~/Library/Application Support/MobileSync/Backup/.

Infected iPhone: How to check

Now that you’ve backed up, it’s time to check if your iPhone is infected. For that, you’ll need to run the tool from the command line, either through Python or as a binary build.

Python

  1. Open a terminal with Python available and install the “triangle_check” package from PyPI by running the command “python -m pip install triangle_check”.
  2. After that, use this command to start the tool: “python -m triangle_check <path to the backup created in the previous step>”.
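As an added example (not code from Kaspersky or from the original article), the script below looks for backups in the default folders listed above and runs the installed triangle_check module on each one, newest first. The function names and the Manifest.db/Manifest.plist check used to recognise a backup folder are assumptions of this example.

```python
import os
import subprocess
import sys
from pathlib import Path


def backup_root(platform=sys.platform, env=os.environ):
    """Default backup folder from the steps above (Windows or macOS)."""
    if platform.startswith("win"):
        return Path(env["APPDATA"]) / "Apple Computer" / "MobileSync" / "Backup"
    # Assumption: any non-Windows host uses the macOS location.
    return Path.home() / "Library" / "Application Support" / "MobileSync" / "Backup"


def list_backups(root):
    """Return backup folders under root, most recently modified first."""
    root = Path(root)
    if not root.is_dir():
        return []
    # Assumption: a real backup folder holds Manifest.db or Manifest.plist;
    # anything else (stray folders, partial copies) is skipped.
    found = [d for d in root.iterdir() if d.is_dir()
             and any((d / n).is_file() for n in ("Manifest.db", "Manifest.plist"))]
    return sorted(found, key=lambda d: d.stat().st_mtime, reverse=True)


def scan_command(backup_dir):
    """Build the same command the article gives, for one backup folder."""
    return [sys.executable, "-m", "triangle_check", str(backup_dir)]


def main():
    root = backup_root()
    backups = list_backups(root)
    if not backups:
        print(f"No backups found under {root}; create one first.")
        return 1
    for backup in backups:
        print(f"== Scanning {backup.name} ==")
        # The tool prints its own verdict; this wrapper does not interpret it.
        subprocess.run(scan_command(backup), check=False)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```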

GitHub

  1. Run the following commands:
       git clone https://github.com/KasperskyLab/triangle_check
       cd triangle_check
       python -m build
       python -m pip install dist/triangle_check-1.0-py3-none-any.whl
  2. After that, use this command to start the tool: “python -m triangle_check <path to the backup created in the previous step>”.

Binary builds

If you have Linux or Windows, you can use the binary builds.

  1. Download and unzip the “triangle_check_win.zip” file from GitHub.
  2. Open the command prompt (cmd.exe) or PowerShell application.
  3. Change the directory to the one with the unzipped files (for example: %userprofile%\Downloads\triangle_check_win).
  4. Run the “triangle_check.exe” executable, specifying the backup path as an argument (for example: triangle_check.exe "%appdata%\Apple Computer\MobileSync\Backup\00008101-000824411441001E-20230530-143718").

How to interpret the result

The Kaspersky tool will produce one of the following scan results:

Via Bleeping Computer and Securelist.

Source: Olhar Digital
