SecurityWeek reports that more than a dozen new plugins have been introduced to the LightSpy surveillance tool for iOS, bringing the total number of plugins to 28, many of which have destructive capabilities.
After exploiting the Safari remote code execution flaw, tracked as CVE-2020-9802, for initial access, the updated LightSpy payload triggers an exploit chain with jailbreak and loader stages prior to malware core delivery on devices running on iOS versions up to 13.3, according to ThreatFabric researchers. Aside from enabling photo and screenshot capturing, sound recording, file deletion, and message, contacts, and call and browser history compromise, the new LightSpy variant also facilitates the deletion of browser history, media files, selected SMS messages, and certain contacts, as well as prevents device booting and omit Wi-Fi network configuration profiles, the report noted. "[The destructive capabilities suggest] that the threat actors valued the ability to erase attack traces from the device," said researchers.
