Beware iPhone Users: QuaDream Hackers Using Calendar Invites to Spread Spyware

A little-known QuaDream spyware has been hitting journalists in the latest zero-day exploit.

According to reports, Microsoft and Citizen Lab have found out that Israel-based spyware provider QuaDream is linked to the latest widespread hack of iPhones.

Unlike NGOs, QuaDream is operating as a little-known supplier of malicious software. While its fame is not yet recognized, it should be noted that its notorious plan to deploy zero-day exploits should be on the radar of cybersecurity experts.

QuaDream Spyware Has Compromised iPhones of Journalists

Beware iPhone Users: QuaDream Hackers Use Calendar Invites to Spread Spyware on Malicious Links
Researchers from Microsoft and Citizen Lab have discovered that QuaDream-linked spyware is compromising the iPhones of journalists and other figures. Priscilla Du Preez from Unsplash

Spreading malware comes in many forms and shapes. Some hackers use a device to spread the infection across other devices, while other cyber criminals force the victim to click on the malicious link to activate the virus.

While one of the most common methods to deploy malware or spyware is via links, QuaDream can access the target's gadget by sending malicious calendar invites-and clicking on suspicious links is no longer required.

According to Reuters, the low-profile spyware maker based in Israel remains a stiff competitor to NSO Group, a dangerous firm that the US blacklisted last year following reports of harassment and abuse.

QuaDream appears to operate in silence, as Microsoft Associate General Counsel Amy Hogan-Burney described it as a group that continues to "thrive in the shadows."

Citizen Lab conducted a thorough internet scanning of QuaDream's operations. It turns out that it's active in activating its servers across several countries, including UAE, Czech Republic, Ghana, Mexico, Bulgaria, Singapore, Romania, Hungary, and Uzbekistan.

According to the findings of Microsoft, the spyware has compromised the iPhones of over five victims. The Redmond tech giant said the affected people were politicians, journalists, or NGO employees.

QuaDream hackers planted the spyware as zero-day for iOS 14. Citizen Lab said the group disguised the exploit as "malicious calendar invites" with embedded dates.

Per Citizen Lab's senior researcher Bill Marczak, users won't see any notification about the spyware, making it harder to detect.

To protect the victims' names, the company vowed to keep them anonymous. What's more, they came from different countries, making it even more difficult for some of them to come out.

"Nobody necessarily wants to be the first in their community to come out and say, 'Yes, I was targeted,'" he said.

QuaDream is Focusing on iOS Only After Android Shutdown

In an interview with TechCrunch, an unknown person who knows about the spyware industry said that QuaDream bypasses the export regulator in Israel. The source reveals the company's recent deals with other nations in Africa.

The person adds that QuaDream's first customer outside Saudi Arabia was Singapore before it served Uzbekistan, the UAE, and Ghana.

To make way for iOS, the Israeli spyware maker decided to close the doors for its Android division.

Speaking of spyware, Apple launched Lockdown mode to block Pegasus from attacking the users. Because the spyware was already considered a "threat to democracy," the Cupertino firm released an update to prevent NSO Group from accessing the victim's device.

Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics