January 17, 2024 at 01:07PM
Security researchers discovered a method to detect spyware infections such as Pegasus, Reign, and Predator on compromised Apple mobile devices by analyzing the Shutdown.log file. Kaspersky released Python scripts to automate this process and recommends regular device restarts to capture signs of infection. The method proved reliable in identifying spyware-related behaviors and potential infections.
From the notes above, the key takeaways are:
1. Security researchers found that the Shutdown.log file on compromised Apple mobile devices can reveal infections with high-profile spyware such as Pegasus, Reign, and Predator, by analyzing which processes delayed the reboot procedure.
2. Kaspersky has released a set of Python scripts, iShutdown, that automate analysis of the Shutdown.log file for potential signs of malware infection. The scripts extract and analyze reboot data and identify digital forensic artifacts indicative of compromise.
3. The researchers recommend frequent device reboots to increase the likelihood of detecting infections in the log file and highlight that the method may fail if the device is not rebooted on the day of infection.
4. The method has been used successfully to analyze infections by Pegasus and Reign spyware, and researchers believe it may also be effective in identifying infections by the Predator spyware, based on similarities in the malware execution path.
5. Kaspersky’s GitHub repository contains instructions for using the Python scripts, along with example outputs, but evaluating the results properly requires familiarity with Python, iOS, terminal output, and malware indicators.
6. The researchers emphasize that the analysis of the Shutdown.log file provides a much easier method for identifying malware infections compared to traditional techniques like examining encrypted iOS backups or network traffic.
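To make the technique in takeaways 1 through 3 concrete, here is an added example (not Kaspersky's iShutdown code, and not the exact iOS log format) that parses a constructed, simplified shutdown.log-like text: it groups the processes that delayed each reboot, flags those living outside assumed system paths, and measures the longest gap between reboots, since an infection that falls inside such a gap leaves no entry.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in a simplified shutdown.log-like layout. The layout is an
# assumption for this example, not the exact iOS format or iShutdown's parser:
# a wallclock line opens each reboot section, followed by one line per process
# that was still running and therefore delayed the shutdown.
SAMPLE_LOG = """\
=== system wallclock time: 2024-01-08 07:15:02 ===
remaining client pid: 110 (/usr/sbin/mDNSResponder)
=== system wallclock time: 2024-01-10 21:40:17 ===
remaining client pid: 110 (/usr/sbin/mDNSResponder)
remaining client pid: 2310 (/private/var/tmp/staging/helperd)
remaining client pid: 2311 (/private/var/tmp/staging/helperd)
=== system wallclock time: 2024-01-11 08:03:55 ===
remaining client pid: 2410 (/private/var/tmp/staging/helperd)
"""
# Assumed locations of built-in daemons; a process outside them that repeatedly
# holds up shutdown is the kind of artifact the researchers looked for.
TRUSTED_PREFIXES = ("/usr/", "/System/", "/sbin/", "/bin/", "/Applications/")
REBOOT_RE = re.compile(r"^=== system wallclock time: (\S+ \S+) ===$")
CLIENT_RE = re.compile(r"^remaining client pid: (\d+) \((.+)\)$")

def parse_reboots(log_text):
    """Return one (timestamp, [paths of delaying processes]) tuple per reboot."""
    reboots = []
    for line in log_text.splitlines():
        m = REBOOT_RE.match(line)
        if m:
            reboots.append((m.group(1), []))
            continue
        m = CLIENT_RE.match(line)
        if m and reboots:
            reboots[-1][1].append(m.group(2))
    return reboots

def suspicious_delays(reboots):
    """Map each untrusted path to the reboots in which it delayed shutdown."""
    hits = defaultdict(list)
    for ts, paths in reboots:
        for path in sorted(set(paths)):
            if not path.startswith(TRUSTED_PREFIXES):
                hits[path].append(ts)
    return dict(hits)

def longest_reboot_gap_days(reboots):
    """Largest gap in days between consecutive reboots (0 if fewer than two)."""
    stamps = [datetime.strptime(ts, "%Y-%m-%d %H:%M:%S") for ts, _ in reboots]
    gaps = [(b - a).days for a, b in zip(stamps, stamps[1:])]
    return max(gaps) if gaps else 0
```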
These takeaways provide a clear understanding of the significance of the Shutdown.log file analysis in identifying malware infections on Apple mobile devices and the tools and techniques available for the analysis.