Citizen Lab researchers have uncovered a new zero-click iMessage exploit that threat actors have used to target at least nine Bahraini nationals with NSO Group's Pegasus spyware. Zero-click means that simply receiving the message is enough to install malware on a targeted iPhone; no user interaction is required. Citizen Lab links the attacks, with high confidence, to the Bahraini government, which is using the spyware to track activists. The spyware was deployed after the targets' devices were compromised using two zero-click iMessage exploits: the 2020 KISMET exploit and a new, never-before-seen exploit dubbed FORCEDENTRY (previously tracked by Amnesty Tech as Megalodon). The new iMessage zero-click exploit used in these NSO Group attacks circumvents the iOS BlastDoor feature designed to block such exploits, and was first spotted in February 2021. Citizen Lab saw the attack being carried out on Apple devices that were running the newest software update.