In an article published Thursday on the Google Project Zero blog, experts believe that websites that have been hacked to host these attacks receive several thousand visitors a week. However, they did not specify which sites were affected.
"A simple visit to one of the hacked sites was enough for the operating server to attack your device, and, if successful, install a monitoring program," said Ian Beer, Project Zero.
Once installed, the malicious software "will first steal the files and download the geolocation data," he added, adding that he was also able to access encrypted messages shared through applications such as Telegram, WhatsApp and iMessage.
Most of these flaws are in the default Safari web browser, according to Beer, who says the Zero Project team has discovered them in almost every operating system, from iOS 10, to the current version iOS12.
Once embedded in the iPhone, the malware transmitted captured data, including live geolocation, transmitted every minute. According to Ian Beer, Google informed Apple of these attacks in February, after which the giant Apple has issued a security patch for iOS 12.1.