A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. The attack leverages a remote iOS exploit chain to deploy a feature-rich implant called ‘LightSpy’ through links to local news websites. When clicked, the malware payload executes the payload and allows an interloper to exfiltrate sensitive data from the affected device. The spyware is not just capable of remotely executing shell commands and taking full control of the device, it also contains a variety of downloadable modules that allow for data exfiltration.
Source: https://thehackernews.com/2020/03/iphone-iOS-spyware.html