Mercenary Spyware Hacked iPhone Victims With Rogue Calendar Invites, Researchers Say

Hackers using spyware made by a little known cyber mercenary company used malicious calendar invites to hack the iPhones of journalists, political opposition figures, and an NGO worker, according to two reports. From a report: Researchers at Microsoft and the digital rights group Citizen Lab analyzed samples of malware they say was created by QuaDream, an Israeli spyware maker that has been reported to develop zero-click exploits -- meaning hacking tools that don't require the target to click on malicious links -- for iPhones. QuaDream has been able to mostly fly under the radar until recently. In 2021, Israeli newspaper Haaretz reported that QuaDream sold its wares to Saudi Arabia. The next year, Reuters reported that QuaDream sold an exploit to hack iPhones that was similar to one provided by NSO Group, and that the company doesn't operate the spyware, its government customers do -- a common practice in the surveillance tech industry. QuaDream's customers operated servers from several countries around the world: Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan, according to internet scans done by Citizen Lab. Both Citizen Lab and Microsoft published groundbreaking new technical reports on QuaDream's alleged spyware on Tuesday. Microsoft said it found the original malware samples, and then shared them with Citizen Lab's researchers, who were able to identify more than five victims -- an NGO worker, politicians, and journalists -- whose iPhones were hacked. The exploit used to hack those targets was developed for iOS 14, and at the time was unpatched and unknown to Apple, making it a so-called zero-day. The government hackers who were equipped with QuaDream's exploit used malicious calendar invites with dates in the past to deliver the malware, according to Citizen Lab.

Read more of this story at Slashdot.