DNS Snooping on Apple iOS 14 Zero-Click Spyware KingsPawn | WhoisXML API



NSO Group's Pegasus blazed the trail for what we now know as zero-click spyware: tooling sold to governments that compromises mobile operating systems, including Apple's iOS, without any interaction from the target. In April 2023, researchers exposed a comparable product from a less well-known vendor, QuaDream: the KingsPawn spyware, which was deployed against iOS 14 devices.

Microsoft published an in-depth study of KingsPawn and its operator, which it tracks as DEV-0196, naming 64 domains as indicators of compromise (IoCs) [1].

We scoured the DNS for other potentially KingsPawn-related artifacts and found:

  • 19 IP addresses to which the IoCs resolved, 17 of which turned out to be malicious
  • 2,100+ additional domains that shared the IoCs’ IP hosts, 11 of which turned out to be malware hosts
  • 1,000+ subdomains that contained the string com.apple, 18 of which have been categorized as malicious
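The three pivots above (IoC domain to IP, IP back to co-hosted domains, and a string search across subdomains) are a standard passive-DNS expansion. The script below is an added example, not code from WhoisXML API or from Microsoft's report: it runs the same three steps over a small set of constructed passive-DNS observations and constructed reputation sets, so every domain, IP and verdict in it is made up and none of them are the real KingsPawn IoCs. It also shows the caveat the numbers above imply: most co-hosted domains are not malicious, so co-hosting alone is a lead, not a verdict.

```python
"""DNS pivoting from a seed list of IoC domains.

All records, domains, IPs and 'reputation' sets below are constructed for
illustration (RFC 5737 documentation ranges); they are not real IoCs.
"""
from collections import defaultdict

# Constructed passive-DNS style (domain, A-record IP) observations.
PDNS_RECORDS = [
    ("ioc-one.example", "192.0.2.10"),
    ("ioc-two.example", "192.0.2.10"),
    ("ioc-two.example", "198.51.100.7"),
    ("cohosted-a.example", "192.0.2.10"),
    ("cohosted-b.example", "198.51.100.7"),
    ("cdn-shared.example", "198.51.100.7"),   # benign tenant on the same IP
    ("unrelated.example", "203.0.113.5"),
    ("com.apple.update.example", "192.0.2.10"),           # Apple-style label, on an IoC IP
    ("com.apple.icloud.cohosted-b.example", "203.0.113.9"),  # Apple-style label, elsewhere
]

SEED_IOCS = {"ioc-one.example", "ioc-two.example"}   # the published IoC list (constructed)
MALICIOUS_IPS = {"192.0.2.10"}                        # constructed IP reputation data
MALWARE_HOST_DOMAINS = {"cohosted-a.example"}         # constructed domain reputation data


def resolve_iocs(iocs, records):
    """Step 1: map each IoC domain to every IP it has resolved to."""
    resolutions = defaultdict(set)
    for domain, ip in records:
        if domain in iocs:
            resolutions[domain].add(ip)
    return dict(resolutions)


def reverse_ip_pivot(ips, records, exclude):
    """Step 2: for each IP, collect the other domains seen on it (seeds excluded)."""
    cohosted = defaultdict(set)
    for domain, ip in records:
        if ip in ips and domain not in exclude:
            cohosted[ip].add(domain)
    return dict(cohosted)


def subdomain_search(records, needle):
    """Step 3: every observed domain whose name contains the string."""
    return {domain for domain, _ in records if needle in domain}


def pivot_report(iocs, records, bad_ips, bad_domains, needle="com.apple"):
    """Run all three pivots and score the results against reputation data."""
    resolutions = resolve_iocs(iocs, records)
    ioc_ips = set().union(*resolutions.values()) if resolutions else set()
    cohosted = reverse_ip_pivot(ioc_ips, records, exclude=iocs)
    cohosted_domains = set().union(*cohosted.values()) if cohosted else set()
    lookalikes = subdomain_search(records, needle)
    # Lookalikes that also sit on an IoC IP are the strongest leads: two pivots agree.
    lookalikes_on_ioc_ips = {d for d, ip in records if d in lookalikes and ip in ioc_ips}
    return {
        "ip_count": len(ioc_ips),
        "malicious_ip_count": len(ioc_ips & bad_ips),
        "cohosted_count": len(cohosted_domains),
        "cohosted_malicious_count": len(cohosted_domains & bad_domains),
        "lookalike_count": len(lookalikes),
        "lookalikes_on_ioc_ips": sorted(lookalikes_on_ioc_ips),
    }


if __name__ == "__main__":
    for key, value in pivot_report(SEED_IOCS, PDNS_RECORDS,
                                   MALICIOUS_IPS, MALWARE_HOST_DOMAINS).items():
        print(f"{key}: {value}")
```

The reverse-IP step is where the noise comes from: a shared hosting or CDN address drags in every tenant on it (here `cdn-shared.example`), which is why only a handful of the 2,100+ co-hosted domains above ended up flagged. In practice, weight a co-hosted domain by whether the IP is dedicated, whether the resolution overlapped in time with the IoC's, and whether a second pivot (such as the Apple-style naming) independently points at it.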

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/