{"id":3720,"date":"2020-03-29T00:11:52","date_gmt":"2020-03-28T23:11:52","guid":{"rendered":"https:\/\/werle.pro\/?p=3720"},"modified":"2020-03-29T00:58:40","modified_gmt":"2020-03-28T23:58:40","slug":"ssi-pdt-operation-poisoned-news-mobile-malware-via-local-news-links","status":"publish","type":"post","link":"https:\/\/werle.pro\/index.php\/2020\/03\/29\/ssi-pdt-operation-poisoned-news-mobile-malware-via-local-news-links\/","title":{"rendered":"SSI PDT &#8211; Operation Poisoned News &#8211;  Mobile Malware via Local News Links"},"content":{"rendered":"\n<figure class=\"wp-block-gallery columns-1 is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\"><ul class=\"blocks-gallery-grid\"><li class=\"blocks-gallery-item\"><figure><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"931\" src=\"https:\/\/i0.wp.com\/werle.pro\/wp-content\/uploads\/2020\/03\/poisoned-news-6b-1024x9312-1.jpg?resize=1024%2C931&#038;ssl=1\" data-id=\"3723\" class=\"wp-image-3723\" srcset=\"https:\/\/i0.wp.com\/werle.pro\/wp-content\/uploads\/2020\/03\/poisoned-news-6b-1024x9312-1.jpg?w=1024&amp;ssl=1 1024w, https:\/\/i0.wp.com\/werle.pro\/wp-content\/uploads\/2020\/03\/poisoned-news-6b-1024x9312-1.jpg?resize=200%2C182&amp;ssl=1 200w, https:\/\/i0.wp.com\/werle.pro\/wp-content\/uploads\/2020\/03\/poisoned-news-6b-1024x9312-1.jpg?resize=768%2C698&amp;ssl=1 768w, https:\/\/i0.wp.com\/werle.pro\/wp-content\/uploads\/2020\/03\/poisoned-news-6b-1024x9312-1.jpg?resize=512%2C466&amp;ssl=1 512w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" data-recalc-dims=\"1\" \/><\/figure><\/li><\/ul><\/figure>\n\n\n\n<p>From Trend Micro<\/p>\n\n\n\n<p><em><strong>By Elliot Cao, Joseph C. Chen, William Gamazo Sanchez, Lilang Wu, and Ecular Xu<\/strong><\/em><\/p>\n\n\n\n<p>A recently discovered watering hole attack has been targeting iOS users in Hong Kong. The campaign uses links posted on multiple forums that supposedly lead to various news stories. While these links lead users to the actual news sites, they also use a hidden iframe to load and execute malicious code. The malicious code contains exploits that target vulnerabilities present in iOS 12.1 and 12.2. Users that click on these links with at-risk devices will download a new iOS malware variant, which we have called <em>lightSpy&nbsp;<\/em>(detected as IOS_LightSpy.A).<\/p>\n\n\n\n<p><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links\/\">https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>From Trend Micro By Elliot Cao, Joseph C. Chen, William Gamazo Sanchez, Lilang Wu, and Ecular Xu A recently discovered watering hole attack has been targeting iOS users in Hong Kong. The campaign uses links posted on multiple forums that supposedly lead to various news stories. While these links lead users to the actual news &#8230; <a title=\"SSI PDT &#8211; Operation Poisoned News &#8211;  Mobile Malware via Local News Links\" class=\"read-more\" href=\"https:\/\/werle.pro\/index.php\/2020\/03\/29\/ssi-pdt-operation-poisoned-news-mobile-malware-via-local-news-links\/\" aria-label=\"Read more about SSI PDT &#8211; Operation Poisoned News &#8211;  Mobile Malware via Local News Links\">Lire la suite<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[10],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ALXt-Y0","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts\/3720"}],"collection":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/comments?post=3720"}],"version-history":[{"count":3,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts\/3720\/revisions"}],"predecessor-version":[{"id":3724,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts\/3720\/revisions\/3724"}],"wp:attachment":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/media?parent=3720"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/categories?post=3720"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/tags?post=3720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}