The iPhones of journalists, political opponents and an NGO worker were hacked using spyware from Quadream, a little-known Israeli spyware provider. This is the finding of research by Microsoft researchers and the Citizen Lab at the University of Toronto. Quadream's tool used calendar invitations containing malicious code for iOS 14. What is particularly worrying is that Quadream is also developing zero-click exploits, as a report from TechCrunch shows. With this type of hacking tool, the target doesn't even have to click on a malicious link to get hacked.

International sale of Quadream: Israel's spyware provider comes under scrutiny

Quadream, the Israeli spyware provider, apparently sold its products not only to Saudi Arabia, as the Israeli newspaper Haaretz reported back in 2021. In 2022 Reuters reported that the company also sold an iPhone exploit similar to that of NSO Group's controversial Pegasus spyware. Quadream is also believed to have sold its products to countries such as Bulgaria, the Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, the United Arab Emirates and Uzbekistan.

Researchers discover ectoplasm factor: Quadream spyware leaves traces on iPhones

Microsoft and Citizen Lab have both released technical details about the spyware developed by Quadream. Microsoft discovered the original malware samples and passed them on to Citizen Lab researchers. The researchers were able to identify more than five victims who were targeted by government hackers using the Quadream exploit. The attackers used crafted calendar invites with dates in the past to spread the malware. These invitations did not trigger any notifications on the target's phone and therefore went unnoticed.

Quadream uses zero-click exploit to take over iPhones

The attacks that have brought Quadream's software into focus exploit a previously unknown security flaw in Apple's iOS. This zero-click exploit, dubbed “ENDOFDAYS” by Citizen Lab, does not require any user interaction and allows attackers to take over iPhones. The vulnerability is caused by a flaw in the processing of iCloud calendar invitations, which allows the actual malware, named Kingspawn by Microsoft, to be introduced unnoticed.

Citizen Lab researchers found that the malware left traces that allowed them to track Quadream's spyware. They called these traces the “ectoplasm factor.” However, they do not want to reveal the details of how exactly the malware can be tracked in order to preserve their ability to continue tracking Quadream spyware.

According to a report by TechCrunch, Quadream is using the Cypriot company Inreach as a sales channel for its spyware products in order to circumvent Israel's export regulator. A spyware industry source confirmed this.

Sources:

Golem, Standard, Chip
