The delivery of the message exploits a vulnerability that leads to code execution without requiring any user interaction, leading to the download of additional malicious from the attackers' server.
Subsequently, the message and attachment are wiped from the device. At the same time, the payload stays behind, running with root privileges to collect system and user information and execute commands sent by the attackers.
Kaspersky says the campaign started in 2019 and reports the attacks are ongoing.
The cybersecurity firm has named the campaign "Operation Triangulation" and is inviting anyone who knows more about it to share information. [
In a statement coinciding with Kaspersky's report, Russia's FSB intelligence and security agency claims that Apple deliberately provided the NSA with a backdoor it can use to infect iPhones in the country with spyware.
The FSB alleges that it has discovered malware infections on thousands of Apple iPhones belonging to officials within the Russian government and staff from the embassies of Israel, China, and several NATO member nations in Russia. Despite the seriousness of the allegations, the FSB has provided no proof of its claims.
To be fair to Apple, it is likely that the FSB is just trying to make US Apple fanboys so insecure with their favourite brand that they will overthrow the government and install another Russian puppet. The FSB and the Russian government press office tend to make claims about the "other side" which they are doing themselves. The are only taken seriously by those who thing RT is a real news source.