A report from Microsoft & Citizen Lab has forced Israeli spyware company QuaDream offline. It has been reported that the company has sent termination letters to all employees and will cease to exist in the coming days. QuaDream developed spyware for Apple devices, similar to NSO Group.
This spyware is typically "zero-click" meaning that the victim doesn't actually need to interact with a message, click a link or download a malicious document. Making it extremely dangerous.
QuaDream's malware was reportedly being used against journalists, politicians, and NGO workers across the world and was "exfiltrating data from mobile devices".
If an end user was using a vulnerable version of Apple's iOS, QuaDream could infect the device without them knowing. According to Microsoft, the agent includes capabilities to:
- Get device information (such as iOS version and battery status)
- Wi-Fi information (such as SSID and airplane mode status)
- Cellular information (such as carrier, SIM card data, and phone number)
- Search for and retrieve files
- Use the device camera in the background
- Get device location
- Monitor phone calls
- Access the iOS keychain
- Generate an iCloud time-based one-time password (TOTP)
The spyware economy is rife in Israel. QuaDream, is one of many companies like NSO Group, NFV Systems and Candiru, and sells these hacking tools to enable paying customers to run their targeted cyber operations.
Recently, President Biden signed an Executive Order that prohibits operational use by the United States Government of commercial spyware that poses risks to national security or has been misused by foreign actors to enable human rights abuses around the world.