
Kaspersky’s iShutdown: A Python Solution for Enhanced iOS Security

Kaspersky, a leading antivirus company, has introduced a Python script, named iShutdown, to streamline the analysis of Shutdown.log, an Apple iOS system log file that documents device activity during a reboot. The aim is to help combat spyware on the widely used mobile platform.

iShutdown is outlined in a blog post on Securelist, is designed for security researchers, and is now available on GitHub. The collection of scripts sidesteps more complex techniques, such as attempting to access encrypted backups, and relies instead on the straightforward Shutdown.log file.

Spyware, a type of malicious software that transmits sensitive user data and device activity to unknown parties, poses a significant threat. The concern is particularly relevant for employers that issue Apple iPhones as corporate devices. Sysadmins should consider exploring the iShutdown scripts to detect potential device intrusions.

Exploring iShutdown Scripts: Unveiling the Details

The package contains three scripts that locate and extract data from the Shutdown.log file stored inside 'Sysdiagnose.tar'.

Used in sequence, the three scripts locate the .log file in the archive, extract it, and then extract the reboot data it holds. Python automation can simplify this iterative, multi-script process.
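The locate, extract and parse sequence described above, as an added Python example that is not Kaspersky's iShutdown code. The function names, the log's path inside the archive, the two line layouts matched by the regular expressions and the sample log content are all assumptions made for illustration; the page does not specify them.

```python
import io
import re
import tarfile

# Assumed line layouts (not given on the page): a reboot marker with an epoch
# timestamp, and lines naming processes still running at shutdown.
REBOOT_RE = re.compile(r"^SIGTERM: \[(\d+)\]")
CLIENT_RE = re.compile(r"remaining client pid: (\d+) \((.+)\)")

def find_shutdown_log(tar):
    """Return the first regular-file member named Shutdown.log (any case)."""
    for member in tar:
        name = member.name.rsplit("/", 1)[-1].lower()
        if member.isfile() and name == "shutdown.log":
            return member
    return None

def parse_reboots(text):
    """Group lingering processes under the reboot marker that follows them."""
    reboots, pending = [], []
    for line in text.splitlines():
        if (m := CLIENT_RE.search(line)):
            pending.append((int(m.group(1)), m.group(2)))
        elif (m := REBOOT_RE.match(line.strip())):
            reboots.append({"epoch": int(m.group(1)), "clients": pending})
            pending = []
    return reboots

def analyze(fileobj):
    """Read the log straight from the archive; nothing is unpacked to disk,
    so member paths in an untrusted archive never touch the filesystem."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        member = find_shutdown_log(tar)
        if member is None:
            raise FileNotFoundError("no Shutdown.log in archive")
        data = tar.extractfile(member).read()
    return parse_reboots(data.decode("utf-8", errors="replace"))

def sample_archive():
    """Constructed sysdiagnose-like tar.gz held in memory (sample data)."""
    log = (b"\tremaining client pid: 101 (/usr/libexec/exampled)\n"
           b"SIGTERM: [1700000000] All buses and clients are quiesced.\n"
           b"SIGTERM: [1700086400] All buses and clients are quiesced.\n")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("sysdiagnose_sample/Extra/shutdown.log")
        info.size = len(log)
        tar.addfile(info, io.BytesIO(log))
    buf.seek(0)
    return buf
```

`analyze(sample_archive())` returns one entry per reboot marker; to inspect a real archive, pass a file opened in binary mode instead.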

Although the tools are openly accessible on GitHub, they are aimed specifically at security researchers. The script output may be hard to interpret for anyone unfamiliar with this niche area.

Experienced users should note one consideration: because the iShutdown scripts work from reboot data, they may require frequent system reboots. Kaspersky is somewhat vague on this point, leaving it open-ended and dependent on the user's "threat profile."

iShutdown may disrupt black-hat developers, especially those behind notorious spyware like Pegasus, and its release is a significant step toward making life easier for security researchers. The caveat is that spyware developers now have insight into the patterns the scripts monitor, which intensifies the perpetual cat-and-mouse game of spyware detection.

Source: BleepingComputer