Apple has recently issued a security warning to iPhone users in 92 countries, stating that they might be at risk of spyware attacks. The spyware, known as LightSpy, was discovered in 2020 and is believed to be related to political tensions in Hong Kong. According to a research report on the BlackBerry Blog, this spyware may be linked to hackers from China.
LightSpy is particularly worrisome because it is highly configurable: attackers can control it precisely through updatable configurations. The latest version of LightSpy, called LightSpy F_Warehouse, can steal information from messaging applications, secretly record audio, and locate personal files such as documents or photos for exfiltration. The most concerning feature of this version is that it can pinpoint the location of the infected device, and it is currently targeting iPhone users in India and South Asia.
The BlackBerry Blog has pointed out that the use of this spyware is concerning, as it is challenging to determine whether it is a government-sponsored operation or not. The criminals’ active servers are located in China, Singapore, and Russia, and error messages and some comments found in the spyware code suggest that the designers behind LightSpy are native Chinese speakers.
Users are at risk because the spyware is present on high-traffic websites. The first stage collects device information and downloads the next stages, which include LightSpy and the add-ons it needs to perform the spying. Users are therefore advised to enable Lockdown Mode on their iPhones, update their iPhones regularly, and enable two-step verification for their Apple ID. They should also avoid reusing passwords across different online services and, most importantly, not click on unknown links or attachments. These recommendations are particularly important for political activists or journalists in South Asia, who may be more vulnerable to such attacks.