Security Affairs reports that an updated iteration of the LightSpy iOS spyware using the "F_Warehouse" framework has been deployed in attacks against Southern Asian targets as part of a new cyberespionage campaign.
According to a report from BlackBerry, hacked news websites carrying Hong Kong-related stories are suspected to have been leveraged to deploy the LightSpy spyware, as observed in previous campaigns. A loader enables the delivery of the core implant and several plugins, which build upon the primary backdoor's capabilities.
"Each plugin undergoes a process of secure retrieval from the threat actor's server in an encrypted format, followed by decryption, before being executed within the system environment," said researchers.
Aside from allowing file exfiltration and audio recordings, the new LightSpy version also facilitates network reconnaissance, application inventory, user activity monitoring, image capturing, device enumeration, and credential access.