Security researchers have discovered an updated version of the LightSpy spyware that now specifically targets social media platforms like Facebook and Instagram with expanded data collection capabilities.
According to researchers at Hunt.io, the latest variant of LightSpy includes new features designed to extract messages, contacts, and metadata from social media application databases, marking the first time this spyware has directly targeted these platforms.
The updated iOS version 7.9.0 has more than doubled its plugin count from 12 to 28, while its command capabilities have grown from 55 to over 100 across multiple platforms. These enhancements give operators greater control over infected devices and improved ability to manage deployments across different systems. The landscape of commercial spyware targeting Apple's iOS devices has undergone remarkable changes since 2016, transforming from relatively simple attacks to highly sophisticated infection methods that challenge even the most secure mobile platforms.
Beyond social media targeting, LightSpy maintains its core abilities to:
- Steal files from messaging apps like Telegram, QQ, and WeChat
- Access personal documents and media
- Record audio
- Capture browser history
- Collect WiFi connection data
- Take photos using device cameras
- Execute system commands
- Retrieve KeyChain data
The spyware uses a modular framework and has been active since January 2024. Researchers noted code similarities between macOS and iOS versions, suggesting development by the same team.
Hunt.io's analysis revealed multiple administration panels hosted across different IP addresses, with specialized endpoints for login, remote access, and device management. The researchers continue monitoring for new command and control servers while tracking the threat's evolution.
The expanded capabilities and infrastructure improvements indicate LightSpy's operators are actively developing their surveillance toolkit across multiple platforms, presenting an ongoing security concern for social media users.