This spyware is targeting mobile users in Southeast Asia

By IANS | Updated: March 27, 2020 21:35 IST

Moscow, March 27: Actors behind the 'LightSpy' spyware campaign targeting users in Southeast Asia distribute links to malicious websites, mimicking the original ones that are likely to be frequented by potential victims, researchers from cybersecurity firm Kaspersky said on Friday.

Once a target visits the weaponised website, a custom exploit chain tries to execute shellcode, which leads to the deployment of the fully original malware on the victim's phone.

The malware is successfully targeting iPhones running versions of iOS up to version 12.2. Users running the latest version of iOS, 13.4, should be safe from these exploits.

Users of Android OS-based devices are also in the crosshairs – researchers found several versions of the implant that target this platform.

In addition, Kaspersky researchers identified some indicators of the existence of malware targeting Mac, Linux and Windows-based computers, along with Linux-based routers.

The researchers also found that the malware is being spread through forum posts and replies, as well as on popular communications platforms, where links to the deployed landing pages are posted.

Once the website has been visited, the malware jailbreaks the victim's device, giving the attackers the ability to record calls and audio, read certain messengers and more.

The information currently available does not make it possible to attribute the operation to any known advanced persistent threat (APT) actor, which is why Kaspersky has temporarily dubbed the attackers 'TwoSail Junk'.

"We tracked this particular framework and infrastructure beginning in January this year. It is an interesting example of an agile approach to developing and deploying surveillance framework in Southeast Asia," Alexey Firsh, security researcher at Kaspersky's Global Research and Analysis Team, said in a statement.

To avoid falling victim to water-holing and other targeted attacks such as this, Kaspersky recommended that people should avoid suspicious links promising exclusive content, especially if they are shared on social media.

( With inputs from IANS )
