Cyber Security News

‘Triangulation’ Malware- New Tool to Find iPhones & iOS Devices Infection

Kaspersky reported earlier this month that they have discovered a new Zero-click iOS exploit currently being exploited by threat actors.

The exploitation involves using iMessage as the delivery channel to gain root privileges. 

Threat actors were using Command and Control (C2) servers to manage and control the compromised iOS devices.

Recent reports suggest that a new tool named “triangle-check” was released, which could scan iTunes backups for traces of IoCs (Indicators of Compromises).

This was released as a pypi project, “triangle-check 1.1”.

Triangle Check

This project is released as a Python script that can scan iTunes backups of iPhones and check for any traces of compromise.

The script has two Python dependencies, colorama, which is used for pretty printing, and pycryptodome.

For using this package, the exact location of the iTunes backup directory is required, which includes many sub-directories and files like “Manifest.db” and “Manifest.plist”. 

For decryption, the password used for encryption is required (If the backup is set up in iTunes). For advanced back creation, the idevicebackup2 tool can be used, which is dependent on the open-source package named “libimobiledevice” 


The tool is run on the iTunes backup directory, which is scanned for suspicious activity.

If the tool finds any malicious activity, the tool will print the output as SUSPICION. If the tool finds any Indicators of Compromise (IoC), it will print DETECTED.

Install and Configure

To install this project, the following commands can be used

python -m pip install triangle_check
python -m pip install -r requirements.txt

For installing this as a pip package,

git clone
cd triangle_check
python -m build
python -m pip install dist/triangle_check-1.0-py3-none-any.whl

Windows or Linux users are recommended to use the binary builds of this project.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

11 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

14 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

15 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

17 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

18 hours ago

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

19 hours ago