Skip to main content

On June 1, 2023, Kaspersky reported about a new mobile APT that has been targeting iOS devices. The campaign employs zero-click exploits delivered via iMessage to install malware and gain complete control over the device and user data, with the ultimate goal of hiddenly spying on users. Among the victims were Kaspersky's own employees; however, the company’s researchers believe the scope of the attack extends far beyond the organization. Continuing the investigation, Kaspersky researchers aim to bring more clarity and further details on the worldwide proliferation of this spyware.

The initial report already included a detailed description for self-checking compromise trail mechanisms using the MVT tool. Today, Kaspersky publicly released on GitHub a special utility called ‘triangle_check’. This utility, available for macOS, Windows and Linux in Python, allows users to automatically search for traces of malware infection and therefore check whether a device has been infected or not.

Before installing the utility, the user should first do a backup of the device. Once a back up copy is created, a user can install and run the tool. If indicators of compromise are detected, the tool will show a “DETECTED” notification that confirms the device has been infected. The ‘SUSPICION’ message indicates detection of less unambiguous indicators – pointing to a likely infection. A "No traces of compromise were identified” message will be shown if no IoCs were detected at all.

“Today we are proud to release a free public tool that allows users to check whether they were hit by the newly emerged sophisticated threat. With cross-platform capabilities, the “triangle_check” allows users to scan their devices automatically,” commented Igor Kuznetsov, head of the EEMEA unit at Kaspersky Global Research and Analysis Team (GReAT) “We urge the cybersecurity community to unite forces in the research of the new APT to build a safer digital world.”

To learn more about how to use the ‘triangle_check’, read the blogpost.

To learn more about the “Operation Triangulation”, visit

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at

Operation Triangulation: Kaspersky releases utility for malware detection

Following the report on the Operation Triangulation campaign targeting iOS devices, Kaspersky researchers have released a special ‘triangle_check’ utility that automatically searches for the malware infection. The tool is publicly shared on GitHub and available for macOS, Windows and Linux.
Kaspersky Logo