There’s a New Threat Targeting iPhones—What You Need to Know
There's a new piece of malware that's threatening iPhone users. Here's what you need to know about it—and what you need to do about it.
Antivirus company Kaspersky has recently discovered a piece of malware that poses a significant threat to iPhone users. This iPhone virus targets models running up to iOS 15.7 through the iMessage app and exploits a security vulnerability in the form of a text message attachment.
Thankfully, it’s easy to avoid. Below, we’ll explain the nature of this malware and its potential impact, show you how to protect yourself and offer up a few other iPhone security tips for iOS users to secure their devices.
What’s the new malware that’s targeting iPhones?
This newly discovered malware leverages a vulnerability within an attachment sent through iMessage. When an unsuspecting iPhone user receives such a text message, the security flaw within the attachment is triggered automatically, enabling the execution of malicious code— without requiring any user interaction whatsoever.
By exploiting this weakness, the malware establishes a connection with a Command and Control server. This connection allows the malware to discover, access, and exploit additional vulnerabilities. This then grants the malware complete control over the targeted iOS device. With control of your iPhone, an attacker can access your contacts, accounts, apps, personal data, and even payment information if you’ve set up Apple Pay on your device.
How can I protect my iPhone from this malware?
The good news is that there’s an easy way to protect yourself against this malware. The most vital step to safeguard your device is to update your iPhone. Keeping the iOS firmware up to date equips you with the latest security patches, as Apple regularly releases security patches and updates to address new vulnerabilities. By ensuring your device is running the latest version of iOS, you significantly reduce the risk of falling victim to this malware and other mobile security threats.
Follow these steps to update your iOS firmware:
- Open the Settings app.
- Go to General and select Software Update.
- If there’s an update available, tap “Download and Install.”
- We also recommend enabling Automatic Updates if you haven’t done so already.
Since this malware exploits attachment vulnerabilities in iMessage without requiring user interaction, turning off automatic message previews is another step we suggest you take. This adds another level of security by preventing potentially malicious content from loading automatically. To turn off automatic message previews:
- Open the Settings app.
- Scroll down and select Messages.
- In the Notifications section, toggle off the “Show Previews” option.
More iPhone security tips and tricks
The above steps will harden your iPhone against this new iMessage exploit, but that’s not the only security threat you should be wary of. Here are some additional iPhone security tips to protect your device against spyware, viruses, and other malicious code:
- Exercise caution with links: Always be wary of unfamiliar links received via text messages, emails, or social media platforms. Avoid clicking on suspicious links, which may lead to phishing websites or malware-infected pages.
- Handle attachments carefully: Be vigilant when opening attachments, especially from unknown sources. Malware can be disguised as innocent-looking files, such as documents or images. Verify the sender’s credibility before opening any attachments.
- Use Face ID in public: Set up your iPhone to always use Face ID in public. This prevents a would-be hacker from getting your iPhone passcode through “shoulder surfing” and potentially using that to access your device.
- Install reliable antivirus software: Consider installing a reputable antivirus app from the App Store. These apps can provide an extra layer of security by scanning for potential threats and offering real-time protection.
- Enable two-factor authentication (2FA): Enabling two-factor authentication for your Apple ID adds a strong barrier to entry to both your Apple account and iPhone. 2FA ensures that if your password is compromised, unauthorized access will be hindered without the secondary authentication method, which the attacker likely does not have access to.
The fight against cybercrime is a constantly evolving arms race between hackers and those who thwart them. With this new malware threat targeting iPhone users, it’s crucial to remain vigilant and take preventative measures to protect your iOS devices. This is easy to do with a bit of diligence. By keeping your iOS firmware up to date, disabling automatic message previews, and exercising caution with links and attachments, you significantly reduce the risk of falling victim to this or any other malicious attack.
Source:
- SecureList by Kapersky: Operation Triangulation: iOS devices targeted with previously unknown malware