Following the report about the "Operation Triangulation" campaign targeting iOS devices, Kaspersky researchers released a dedicated utility, "triangle_check", that automatically searches for traces of the malware infection. The tool is offered for free on GitHub and is available for macOS, Windows and Linux.
On June 1, 2023, Kaspersky reported the existence of a new mobile APT targeting iOS devices. The campaign uses "zero-click" exploits distributed via iMessage to install malware and gain full control of the device and user data, with the ultimate goal of covertly tracking victims. Kaspersky employees themselves fell victim to this campaign. However, the company's researchers believe that the scope of the attack extends far beyond the organisation itself. Continuing its investigation, Kaspersky aims to bring to light more details about the global spread of this spyware.
The initial report already included a detailed description of how to check a device for traces of compromise yourself using the MVT tool. Kaspersky has now publicly released a dedicated utility on GitHub called "triangle_check". This utility, written in Python and available for macOS, Windows and Linux, allows users to automatically look for traces of malware infection and therefore check whether a device is infected or not.
Before installing the utility, the user should first back up the device. Once a backup is made, the user can install and run the utility. If evidence of a breach is detected, the tool will display the "DETECTED" notification, confirming that the device is infected. The "SUSPICION" message means that less conclusive indicators were found, pointing to a possible infection. The message "No traces of compromise were identified" will be displayed if no traces are detected.
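An added example (not Kaspersky's code and not part of the original article) of turning the three result messages described above into a verdict when several backups are checked: the strongest finding wins, and output containing none of the messages is treated as inconclusive rather than clean. It assumes the tool's output has been captured as text; the device names, sample captures and the `Verdict`, `classify` and `triage` names are constructed for illustration.

```python
from enum import IntEnum

# Status strings exactly as quoted in the text above.
MSG_DETECTED = "DETECTED"
MSG_SUSPICION = "SUSPICION"
MSG_CLEAN = "No traces of compromise were identified"


class Verdict(IntEnum):
    """Ordered by severity so that max() and sorting give the worst result."""
    CLEAN = 0
    INCONCLUSIVE = 1  # none of the known messages appeared in the output
    SUSPICION = 2
    DETECTED = 3


def classify(output: str) -> Verdict:
    """Map the captured output of one run to a verdict.

    The strongest finding wins. Output with none of the three messages
    (crash, unreadable backup, empty capture) is never reported as clean.
    """
    if MSG_DETECTED in output:
        return Verdict.DETECTED
    if MSG_SUSPICION in output:
        return Verdict.SUSPICION
    if MSG_CLEAN in output:
        return Verdict.CLEAN
    return Verdict.INCONCLUSIVE


def triage(runs: dict[str, str]) -> list[tuple[str, Verdict]]:
    """Classify every run; devices needing attention are listed first."""
    results = [(device, classify(out)) for device, out in runs.items()]
    return sorted(results, key=lambda r: (-r[1], r[0]))


# Constructed sample captures; only the quoted status strings come from the text.
SAMPLE_RUNS = {
    "phone-a": "No traces of compromise were identified\n",
    "phone-b": "SUSPICION: <constructed detail line>\n",
    "phone-c": "SUSPICION: <constructed detail>\nDETECTED: <constructed detail>\n",
    "phone-d": "Traceback (most recent call last): <constructed error>\n",
}

if __name__ == "__main__":
    for device, verdict in triage(SAMPLE_RUNS):
        print(f"{device}: {verdict.name}")
```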