Research Updated Jan 30, 2024

Triangle Check Utility

Triangle Check Utility

Triangle Check, a creation of Kaspersky Lab, is a sophisticated script designed to empower users in scanning iTunes backups for potential compromise indicators related to Operation Triangulation. Its advanced mechanism bears resemblance to the Pegasus Project, an elite-level surveillance tool developed by the Israeli company NSO Group for its clientele. Pegasus tool has been used in more than 50 countries since 2016.

Download Triangle Check

The Triangle Check Utility has been unveiled as an open-source project, scripted in the Python programming language. For compatibility with both Windows and Linux, the developer has thoughtfully provided alternative binary builds of the triangle_check utility. The recommended method for installation is via PyPI. Triangle Check can be also installed on macOS.

What is Triangle Check?

Triangle Check, a Python script, serves as a valuable tool for automatically detecting potential compromises on your iPhone through the Operation Triangulation exploit. This exploit has the capability to gain full control over your device without requiring any user interaction. It is typically deployed through a text message sent to the victim's iPhone and operates discreetly, automatically removing itself without the user's knowledge of the intrusion.

Due to the limited accessibility to the device file system, Triangle Check necessitates the creation of an iPhone backup using iTunes or Finder. This command-line tool is designed to scan iTunes backups for any indications of compromise linked to Operation Triangulation.

Additionally, Triangle Check extends support to encrypted iTunes backups; however, it is imperative to possess the password for decryption. Encrypted iTunes or libimobiledevice backups yield a more comprehensive set of data for analysis.

Triangle Check Utility screenshot.

The "Encrypt local backup" feature, accessible in Finder or iTunes, plays a crucial role in safeguarding and encoding your data. When opting for encrypted backups, a broader spectrum of information is included, comprising saved passwords, Wi-Fi settings, website history, health data, and call history. Triangle Check can decrypt all data with a given password.

However, it's essential to be aware that encrypted backups deliberately exclude certain sensitive data, such as Face ID, Touch ID, or device passcode information. This strategy ensures the security and privacy of the most confidential aspects of your iPhone.

Triangle Check meticulously examines the backup file, scrutinizing for any lingering signs of potential malware installation. The scanning process extends to various elements within the system, including but not limited to the Library/SMS/Attachments/ directory.

It specifically looks for remnants of potential malware introduced through modified attachments sent via the Messages app. The scrutiny encompasses the detection of suspicious data within .plist files, the identification of a fake malware utility known as BackupAgent, examination of sqlite3 databases, and other relevant indicators that may signify a compromise.

How to install Triangle Check

The Triangle Check Utility is available for download as a binary file compatible with both Windows and Linux. Nevertheless, the recommended approach for installation is through PyPI. This streamlined method is equally applicable to macOS users seeking to install the utility.

python -m pip install triangle_check

Usage: python -m triangle_check /path/to/iTunes_backup [backup_password]

Sponsored links

Post a comment

Latest Posts


Show iPhone info using ideviceinfo

Show iPhone info using ideviceinfo

To access a wide array of information about your iPhone, start by navigating through the Settings app. From there, proceed to the General tab and then to the About section. However, for even more detailed insights into your iPhone, you can utilize...

IPA Files



NWZSTool emerges as the evolutionary successor to Bullfrog Assistant, a widely embraced on-device IPA signing tool. Like its predecessor, NWZSTool allows users to sign and sideload IPA files. Despite the rebranding, the essence remains consistent...




uz.ra has pleasantly surprised us once again by delivering a new jailbreak tweak. Its primary objective? To replace the iOS 16 Lock Screen music player with a design closely resembling Apple's original layout. While HALO tweak boasts a plethora...