iPhone Hacked by QuaDream Spyware: Microsoft and Citizen Lab Report

Microsoft and Citizen Lab have discovered a new commercial spyware that has been used to compromise iPhones belonging to high-risk individuals, including journalists, political opposition figures, and an NGO worker.

The spyware was created by an Israel-based company called QuaDream, which used a zero-click exploit named ENDOFDAYS to target iPhones running iOS 1.4 up to 14.4.2 between January 2021 and November 2021.

How was the iPhone Hacked

The attackers used backdated and “invisible iCloud calendar invitations” to target iPhones. When iCloud calendar invitations with backdated timestamps are received on iOS devices, they are automatically added to the user’s calendar without any notification or prompt, allowing the ENDOFDAYS exploit to run without user interaction and making the attacks undetectable by the targets.
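One defensive check this delivery mechanism suggests is to look for invitations whose creation or start timestamps lie well before the moment the device received them. The script below is an added example, not code from the original article or from Citizen Lab; it assumes invitations are available as iCalendar (.ics) text (for instance exported from a device backup), and the sample invite it parses is constructed, not a real artifact from the campaign.

```python
"""Flag backdated calendar invitations in iCalendar text (added example)."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the first VEVENT is stamped months before receipt,
# the second is an ordinary invitation created shortly before receipt.
SAMPLE_ICS = """BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
UID:example-1@invalid
ORGANIZER:mailto:unknown-sender@example.invalid
DTSTAMP:20201105T120000Z
DTSTART:20201106T090000Z
SUMMARY:Sync
END:VEVENT
BEGIN:VEVENT
UID:example-2@invalid
ORGANIZER:mailto:colleague@example.invalid
DTSTAMP:20210301T080000Z
DTSTART:20210302T090000Z
SUMMARY:Team meeting
END:VEVENT
END:VCALENDAR
"""

def parse_ical_datetime(value: str) -> datetime:
    """Parse the basic UTC form YYYYMMDDTHHMMSSZ; other forms raise ValueError."""
    return datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_events(ics_text: str) -> list[dict]:
    """Return one {property: value} dict per VEVENT (parameters after ';' dropped)."""
    events = []
    for block in re.findall(r"BEGIN:VEVENT\r?\n(.*?)END:VEVENT", ics_text, re.S):
        props = {}
        for line in block.splitlines():
            key, sep, val = line.partition(":")
            if sep:
                props[key.split(";")[0].upper()] = val.strip()
        events.append(props)
    return events

def find_backdated_invites(ics_text: str, received_at: datetime,
                           max_age: timedelta = timedelta(days=1)) -> list[dict]:
    """Flag events whose DTSTAMP or DTSTART predates receipt by more than max_age."""
    flagged = []
    for ev in parse_events(ics_text):
        reasons = []
        for field in ("DTSTAMP", "DTSTART"):
            try:
                age = received_at - parse_ical_datetime(ev[field])
            except (KeyError, ValueError):
                continue  # missing or non-UTC timestamp: skip this field
            if age > max_age:
                reasons.append(f"{field} is {age.days} days before receipt")
        if reasons:
            flagged.append({"uid": ev.get("UID", "?"),
                            "organizer": ev.get("ORGANIZER", "?"),
                            "reasons": reasons})
    return flagged

def demo() -> list[dict]:
    """Run the check on the constructed sample with a fixed receipt time."""
    return find_backdated_invites(SAMPLE_ICS, datetime(2021, 3, 1, 9, tzinfo=timezone.utc))

if __name__ == "__main__":
    for hit in demo():
        print(hit["uid"], hit["organizer"], "; ".join(hit["reasons"]))
```

A flagged invite is only a lead: legitimate recurring or late-synced events can also carry old timestamps, so correlate the organizer and receipt time with other device evidence before drawing conclusions.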

Victims of the QuaDream iPhone Hacks

Citizen Lab researchers found that at least five civil society victims had their iPhones hacked by QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. The researchers did not disclose the identities of the victims.

Features of QuaDream’s Spyware

The spyware deployed in this campaign, dubbed KingsPawn by Microsoft, was designed to self-delete and clean out any tracks from victims’ iPhones to evade detection. According to Citizen Lab’s analysis, the spyware comes with a wide range of features, including:

  • Recording audio from phone calls
  • Recording audio from the microphone
  • Taking pictures through the device’s front or back camera
  • Exfiltrating and removing items from the device’s keychain
  • Hijacking the phone’s Anisette framework and hooking the gettimeofday syscall to generate iCloud time-based one-time password (TOTP) login codes for arbitrary dates. This is suspected to be used to generate two-factor authentication codes valid for future dates, in order to facilitate persistent exfiltration of the user’s data directly from iCloud.
  • Running queries in SQL databases on the phone
  • Cleaning remnants that might be left behind by zero-click exploits
  • Tracking the device’s location
  • Performing various filesystem operations, including searching for files matching specified characteristics

QuaDream’s Servers

Citizen Lab found QuaDream servers in multiple countries, including Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates (UAE), and Uzbekistan.

The discovery of QuaDream’s commercial spyware is another reminder of the growing industry for mercenary spyware, and of the need for continued vigilance by researchers and potential targets alike. Without systemic government regulation, abuse cases of commercial spyware are likely to continue to grow, fueled both by companies with recognizable names and by others still operating in the shadows.

William Marshal

William has been one of the key contributors to 'The Cybersecurity Times' with 9.5 years of experience in cybersecurity journalism. Apart from writing, he also likes hiking, skating and coding.
