LightSpy is an advanced spyware framework for iOS and macOS devices, used to spy on activists and high-profile individuals. Its modular design lets it adapt and expand its capabilities, making it a serious threat to user privacy and device security.
LightSpy first appeared in 2020, targeting iOS users in specific regions. Over time it has evolved to target macOS as well, showing how persistent its operators are. The spyware is built on a modular framework that uses plugins to perform various malicious activities: data exfiltration, device monitoring and, in some cases, destructive actions that can brick the device.
Distribution Methods
The attackers behind LightSpy have been using publicly available vulnerabilities and jailbreak kits to compromise devices. For example, they have used Safari exploits such as CVE-2020-9802 for initial access and CVE-2020-3837 for privilege escalation. These exploits are delivered through watering hole attacks, in which users are lured to malicious websites that initiate the infection process.
Functional Capabilities
Once installed, LightSpy can harvest a wide range of data: contacts, messages, application data, location information and even screen captures. Recent versions have added destructive plugins that can delete media files, SMS messages, Wi-Fi configurations and more. Some plugins can even prevent the device from booting, effectively bricking it.
Mitigation Measures
Update mobile operating systems and apps to patch known vulnerabilities.
Use trusted app stores to minimize the risk of downloading malware.
Deploy MDM to monitor and enforce security policies.
Educate users about the risks of visiting untrusted websites and downloading unauthorized applications.