NSO Group’s Pegasus malware blazed the trail last year for what we now know as zero-click spyware sold for government use and aimed at mobile OSs, including Apple’s iOS. It made such a splash that just last April, new spyware market player QuaDream released what we could consider Pegasus’s relative: KingsPawn.
Microsoft published an in-depth study of KingsPawn [1] that named 64 domains as indicators of compromise (IoCs).
We scoured the DNS for other potentially KingsPawn-related artifacts and found:
- 19 IP addresses to which the IoCs resolved, 17 of which turned out to be malicious
- 2,100+ additional domains that shared the IoCs’ IP hosts, 11 of which turned out to be malware hosts
- 1,000+ subdomains that contained the string `com.apple`, 18 of which have been categorized as malicious
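The three findings above are the output of a standard IoC-expansion pivot: seed domains, the IPs they resolve to, the other domains sharing those IPs, and a string search for lookalike subdomains. The script below is an added illustration of that pivot, not code from the original post or from Microsoft's report. The seed domains, passive-DNS records and reputation sets are all constructed placeholders (the real IoC list is the 64 domains in the Microsoft study); in practice the records would come from a passive-DNS or reverse-IP lookup service and the reputation sets from a threat-intelligence feed.

```python
"""IoC expansion by DNS pivoting (added example with constructed data).

Pivot 1: seed domains -> IPs they resolved to
Pivot 2: those IPs -> other domains hosted on them (co-tenants)
Pivot 3: all observed hostnames -> those containing a string of interest
Each result set is then intersected with reputation data to count how many
of the expanded artifacts are already known to be malicious.
"""
from collections import defaultdict

# Constructed seed indicators (placeholders, not the domains in the report).
SEED_IOCS = {"update-check.example", "sync-service.example"}

# Constructed passive-DNS A records as (hostname, ip) pairs.
PDNS_RECORDS = [
    ("update-check.example", "198.51.100.10"),
    ("update-check.example", "198.51.100.11"),
    ("sync-service.example", "198.51.100.11"),
    ("sync-service.example", "203.0.113.5"),
    ("news.example", "198.51.100.10"),            # benign co-tenant
    ("com.apple.icloud.push.evil-host.example", "198.51.100.11"),
    ("com.apple.update.cdn-mirror.example", "203.0.113.5"),
    ("blog.example", "203.0.113.5"),
    ("mail.other.example", "192.0.2.77"),         # never reached by the pivots
    ("com.apple.sync.unrelated.example", "192.0.2.80"),  # only the string search finds this
]

# Constructed reputation data standing in for a threat-intel feed.
KNOWN_BAD_IPS = {"198.51.100.10", "198.51.100.11"}
KNOWN_BAD_DOMAINS = {"com.apple.icloud.push.evil-host.example"}


def build_indexes(records):
    """Build a forward index (name -> ips) and a reverse index (ip -> names)."""
    fwd, rev = defaultdict(set), defaultdict(set)
    for name, ip in records:
        fwd[name].add(ip)
        rev[ip].add(name)
    return fwd, rev


def resolve_seeds(seeds, fwd):
    """Pivot 1: every IP any seed IoC resolved to."""
    return set().union(*(fwd.get(s, set()) for s in seeds))


def cohosted_domains(ips, rev, seeds):
    """Pivot 2: domains sharing the seed IPs, with the seeds themselves removed."""
    names = set().union(*(rev.get(ip, set()) for ip in ips))
    return names - set(seeds)


def matching_subdomains(names, needle):
    """Pivot 3: hostnames whose labels contain the string of interest."""
    return {n for n in names if needle in n}


def expand(seeds, records, bad_ips, bad_domains, needle="com.apple"):
    """Run all three pivots and score each result set against reputation data."""
    fwd, rev = build_indexes(records)
    ips = resolve_seeds(seeds, fwd)
    hosts = cohosted_domains(ips, rev, seeds)
    subs = matching_subdomains(fwd.keys(), needle)  # searched across all observed names
    return {
        "ips": sorted(ips),
        "malicious_ips": sorted(ips & bad_ips),
        "cohosted": sorted(hosts),
        "malicious_cohosted": sorted(hosts & bad_domains),
        "subdomains": sorted(subs),
        "malicious_subdomains": sorted(subs & bad_domains),
    }


if __name__ == "__main__":
    for key, values in expand(SEED_IOCS, PDNS_RECORDS, KNOWN_BAD_IPS, KNOWN_BAD_DOMAINS).items():
        print(f"{key}: {len(values)} -> {values}")
```

The co-tenant pivot is deliberately kept separate from the reputation intersection: shared hosting means most co-hosted domains are benign, so the raw count is a candidate list to triage, while the intersected count is what can be blocked or alerted on directly.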
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
—
- [1] https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/