Cupertino had recently issued an important security warning to users in 92 countries due to spyware attacks carried out by mercenaries on iPhones. Today, thanks to a research report from the BlackBerry blog, we state: spyware has a name and location, LightSpy is probably linked to China.

LightSpy uses an iOS-based implant and was already used in 2020

It is such a technology It was already present and served in the political sphere in places like Hong Kong, given the tensions that existed in 2020. Now “LightSpy F_Warehouse” A modular version with various spy options. It has the ability to steal information from messaging apps (like in this hacker attack using iMessage), Secretly record audio and find personal files even during VOIP calls Such as documents and images to be extracted.

The most striking thing is that This threat can determine the location of the infected device in a highly specific way. For now, the targets are iPhone users in India and South Asia. Error messages and some comments found in the spyware code state that: The designers and creators behind LightSpy are “native Chinese speakers”. Another interesting fact is that criminals’ active servers are located in China and other countries such as Singapore and Russia.

Chinese-language comments in spyware code

A greater concern as it will be a government-funded activity

The blog states that, given what happened in 2020, it is of great concern because it cannot be determined whether this software is an activity supported by government money.

What makes this software powerful is becomes undetectable once infiltrated on an iPhone. Users are at risk because the software is located on highly visited websites. For example, in the previous version, the software was available on news sites related to Hong Kong. It initially collects device information and downloads subsequent stages that include LightSpy and necessary add-ons to perform spying.

This is what the LightSpy admin panel looks like

The recommendations on the BlackBerry security blog are clear. In addition to enabling lock mode on their iPhones, they warn anyone who is part of political activism in South Asia as if misplaced to reduce attack potential.

General recommendations include; Always remember to update your device and enable two-step verification of your Apple ID.. Avoid repeating and recycling passwords across different online services. Finally and most importantly, Do not click on unknown links or attachments from unknown people.