Dangerous LightSpy iPhone spyware can steal your files, location data and messages — how to stay safe

iPhone users are once again being targeted by dangerous spyware capable of tracking their location as well as stealing their contacts, messages and even data from a number of popular apps.

Apple recently sent out a warning to iPhone users in 92 different countries about the threat posed by spyware. Now though, we have more details on a new version of the LightSpy spyware which is currently being used to target iPhones in Southeast Asia and India.

While this latest campaign hasn’t been observed in the U.S. or the U.K. yet, it could easily be modified to target the best iPhones in Western countries too. Here’s everything you need to know about the LightSpy spyware, including some tips on how you can keep your iPhone safe from hackers.

Stealing browser and app data

First discovered back in 2020 by Trend Micro and Kaspersky, LightSpy is an iOS backdoor that is often distributed to unsuspecting iPhone users through compromised news sites, according to The Hacker News.

Then in 2023, the cybersecurity firm ThreatFabric noticed that it shares some of the same infrastructure and functionality with the DragonEgg Android spyware developed by APT41, which is a state-sponsored hacker group from China. 

While we’re not entirely sure how LightSpy is being distributed in this latest campaign, in the past, it’s been spread through news sites that have been compromised by hackers. A LightSpy infection begins with a loader that contains the main components of the spyware, after which a number of plugins are downloaded from a remote server that allow it to steal all sorts of sensitive data.

While this spyware could initially steal an iPhone user’s contacts and messages, determine their precise location and extract audio recordings during VoIP calls, a new version was recently discovered by BlackBerry with upgraded capabilities. LightSpy can now steal files from a vulnerable iPhone as well as data from a number of popular apps including Telegram, QQ and WeChat. The spyware is also able to steal iCloud keychain data as well as a victim’s browsing history from both Safari and Google Chrome.

In their report on the matter, BlackBerry’s security researchers also revealed that the spyware can gather a list of connected Wi-Fi networks and details about the apps installed on your iPhone in addition to taking pictures using the device’s camera and recording audio through its microphone. To make matters worse, LightSpy can execute shell commands from a remote service, which could likely allow it to take complete control over infected iPhones.

How to keep your iPhone safe from hackers

Although spyware remains a very serious threat due to just how much personal and financial data we store on our phones, attacks like the one described above are both difficult and costly to pull off. As such, hackers and other cybercriminals mainly use spyware like LightSpy to go after high-profile targets such as politicians, CEOs and political dissidents.

This doesn’t mean that you should ignore the threat posed by spyware though. In a blog post, BlackBerry recommends that iPhone users who are worried about spyware enable Apple’s Lockdown Mode for additional protection. 

At the same time, you should be using the best encrypted messaging apps to communicate with others since they employ end-to-end encryption to prevent prying eyes from gaining access to your conversations. Apple’s iMessage uses this kind of encryption but only between iPhone users, which is why you may want to use Signal or a similar encrypted messaging app when communicating with Android users.

As with malware and other cyber threats, the most important thing you can do to stay safe is to keep your devices updated, enable two-factor authentication (2FA) whenever possible and use strong, complex passwords for all of your accounts. The best password managers can help with the last part since they all contain password generators which can create strong and unique passwords as well as securely store all of your existing passwords. You also want to be careful when downloading new apps or files and when visiting new websites since the hackers behind this campaign used compromised sites to distribute the LightSpy spyware.

As one of the best phones for years now, the iPhone will likely always remain a target for hackers. However, by exercising caution online and updating your phone regularly, you should be able to avoid falling victim to hackers. 

Anthony Spadafora
Managing Editor Security and Home Office
