The spyware has been distributed to iPhone users through expired calendar invitations.
Tetiana Vitsenko
- The developer of the spyware is the Israeli cyber mercenary company Quadream.
- The program has, among other things, eavesdropped on users, taken photos and stolen information.
- The spyware has spread unnoticed through expired calendar invitations.
- The operation has been sold to several countries, the most significant of which is currently Mexico.
The technology company Microsoft and the digital human rights research group Citizen Lab have reported that the Israeli cyber mercenary company Quadream has distributed spyware to iPhones. The targets have been journalists, politicians and representatives of non-governmental organizations. TechCrunch reported on this.
The spyware has been spread using digital calendar invitations, and the user has not had to react to the invitation. According to Citizen Lab, the invitations were marked as expired, and the malware was able to spread to the device unnoticed.
– The invitations have not been notified to the devices, which has made it possible to operate invisibly, Citizen Lab’s senior researcher Bill Marczak tells TechCrunch.
Microsoft and Citizen Lab identified more than five victims of espionage. The targets of the spying had iPhones running iOS 14, in which a so-called zero-day vulnerability was exploited. This means that Apple, the developer of the phones, had not yet offered users a protective update.
Apple representative Scott Radcliffe said that the vulnerability has not been exploited since March 2021, when Apple released an update to its users. However, the company is said to have developed several hacks for the devices.
A cyber mercenary company operating in the dark
The spyware has listened to the target using the phone’s microphone, taken photos, stolen files and tracked the user’s movements. Finally, the program has also erased its own digital traces so that it would not be found. However, Citizen Lab researchers managed to find traces left by the spyware, which they are keeping secret.
According to Citizen Lab, Quadream uses a company called Inreach registered in Cyprus to market its operations. With this, Quadream circumvents Israel’s state export restrictions.
Not much is known about the company’s recent activities. According to the Israeli newspaper Haaretz, Quadream sold its operations to Saudi Arabia in 2021. The following year, Reuters reported that the company had sold iPhone vulnerability data. Similar information has also been sold by the Israeli cyber intelligence company NSO Group.
However, the users of NSO Group’s spying program have been government customers, and the operation of the program is therefore not the company’s responsibility. This is a common practice in the industry.
A threat to democracies and human rights
Citizen Lab found out where Quadream is most likely to operate. According to them, these are Mexico, the Czech Republic, Hungary, Romania, Bulgaria, Ghana, Singapore, Uzbekistan, Israel and the United Arab Emirates.
– Quadream had four contracts agreed for Africa, but due to Israel’s export restrictions, the contracts could not be implemented, a person who remains unidentified said about the company’s exports.
Unfulfilled contracts indicate that Inreach’s operations are not completely secure.
An anonymous source also said that the company’s most important system is currently in Mexico City, where the spy program is used by the country’s president and administration. The source requested anonymity due to the sensitivity of the information.
According to the source, the company stopped following Android users and focuses only on the iOS operating systems of iPhones.
A blog post published in connection with the Microsoft report warns of a future explosion of private cyber mercenary companies. These could threaten democracies and human rights around the world.