QuaDream spyware used to hack iPhones of journalists and NGO worker

Share post:

An Israeli cyber mercenary firm, QuaDream, has been accused of developing spyware that was used to hack the iPhones of political opposition figures, journalists, and an NGO worker, according to two reports by Microsoft and digital rights group Citizen Lab.

The malicious software, which includes zero-click exploits that don’t require the target to click on malicious links, was delivered via calendar invites with dates in the past, which didn’t trigger a notification on the phone, making them invisible to the targets. The attacks reportedly took place using servers located in Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan.

Citizen Lab and Microsoft’s reports show that the government hackers who used QuaDream’s exploit were able to hack more than five iPhones running on iOS 14, which was unpatched and unknown to Apple at the time. This made it a so-called zero-day exploit. The malware was designed to download actual malware if it was on the device of the intended target. The final payload was capable of recording phone calls and audio using the phone’s microphone surreptitiously, taking pictures, stealing files, tracking the person’s granular location, and deleting forensic traces of its own existence, among other functionalities.

Citizen Lab researchers, who do not want to name the victims, said that the malware does leave certain traces that allowed them to track QuaDream’s spyware. However, the researchers do not want to reveal these traces to retain their ability to track the malware. They called the traces of malware the “Ectoplasm Factor,” a name inspired by a quest in the popular game Stardew Valley, which a senior researcher at Citizen Lab said he plays.

According to Apple representative Scott Radcliffe, there is no indication that the attack disclosed by Microsoft and Citizen Lab was utilized after March 2021, when the firm delivered a fix. Citizen Lab researchers also stated that QuaDream sold its products through a Cyprus-based firm named InReach, circumventing the Israeli export authority, however the company did not totally avoid restrictions.

The sources for this piece include an article in TechCrunch.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways