This script scans iTunes backups for indicators of compromise by Operation Triangulation. For more information, please read Securelist.

Triangle Check: scan iTunes backups for traces of compromise by Operation Triangulation

While monitoring the network traffic of our own corporate Wi-Fi network using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we discovered a previously unknown mobile APT campaign targeting iOS devices. The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data. We are calling this campaign “Operation Triangulation”.