The flaw in the iMessage feature can be used to steal trading account information on malicious devices, and the securities company warns customers to strengthen security measures. VPS Securities Company has just issued a safety warning to customers, warning of iMessege vulnerability on iPhone phones. Accordingly, in June 2023, security firm Kaspersky released information about an attack campaign of hackers aimed at users using iPhone mobile versions iOS 15.7 and below. According to the description, the hacker took advantage of a flaw in the iMessege feature to infect and activate malicious code on iPhone devices. Once installed, the malicious code acts as a tracking software, automatically collecting sensitive information on the device and can be used to steal trading account information on the malicious device. . All of this can happen without the user even having to interact. About the trick, the hacker will send a message to the victim via iMessege with a file containing malicious code attached. The message will then automatically activate malicious code and execute tracking, information gathering, and device control actions without the victim’s interaction. Finally, the message will be automatically deleted to avoid detection by the victim. Therefore, in order to prevent the risk of account intrusion and theft, and avoid financial loss, VPS Securities Company recommends that customers check and immediately update the iOS version of their devices. if you are using version 15.7 or below. If you have not updated, you can temporarily turn off the iMessege feature. Regularly update new versions of software and operating systems on devices, in order to patch security holes of old versions. “Do not take actions that break the device’s security barrier (jailbreak for iOS and root for Android phones). Only download and install apps from reputable sources Appstore, Google Pay and do not download. applications from 3rd party sources. Do not install applications that require access to devices that are not suitable for the application’s functionality. Only access websites and applications provided by VPS when trading” – VPS stock recommended. Regarding this scam, Kaspersky said it recently reported on a new mobile APT campaign targeting iOS devices through iMessage. After a six-month investigation, Kaspersky researchers have published an in-depth analysis of the exploit chain and detailed exploration of spyware infection activity. The software, called TriangleDB, is deployed by exploiting a vulnerability to gain root privileges on iOS devices. Once launched, it only works in the device’s memory, so traces of the infection will disappear when the device reboots. So, if the victim reboots the device, the attacker needs to re-infect the device by sending another iMessage with a malicious attachment, starting the whole exploit again. “If the device does not reboot, the software will automatically uninstall after 30 days, unless the attackers extend this time. Acting like a sophisticated spyware, TriangleDB performs many capabilities. collect and monitor data,” said Kaspersky expert. A few days ago, Military Commercial Joint Stock Bank (MB) also warned of a similar trick, with the risk of hacking the device with iMessage on iPhone. Specifically, MB recommends that customers pay attention to check the iOS version of their device and update immediately if the version is using a version less than 15.7. For versions from 15.7 and earlier, users can temporarily turn off the iMessage feature if there is no need to use it. At the same time, proactively update the latest versions of the iOS operating system and the software installed on the device on a regular basis. For devices with the same Apple ecosystem using other iMessages (iPad, Mac, …) there is still no confirmation of this error, but users should also note updating the new operating system version continuously to prevent minimize risk. In case of detecting suspicious signs, it is necessary to immediately disconnect the device’s network connection to ensure that the user’s data cannot be transmitted to the attacker. For infected machines, perform a factory reset and update to the latest iOS operating system version.