New QuaDream spyware is a replacement for Pegasus used to remotely hack iPhones

by time news

Security researchers have discovered new malware with hacking capabilities comparable to Pegasus, which was developed by NSO Group. The software, which is sold by an Israeli company called QuaDream, has previously been used by clients to attack journalists, political opposition leaders and an NGO employee.

The malware spread to victims’ phones when the operators of the spyware, believed to be government clients, sent them an iCloud calendar invitation. The cyberattacks took place between 2019 and 2021, and the hacking program that was used is known as “Reign”.

A Reign-infected phone can, like a Pegasus-infected phone, record conversations that take place near the phone, read messages stored in encrypted apps, listen to phone conversations, track a user’s location, and generate two-factor authentication codes on an iPhone to access a user’s iCloud account.

Apple, which has been marketing its security measures as some of the best in the world, has received another blow as a result of the recent revelations. It would appear that Reign represents a significant and unprecedented threat to the security of enterprise mobile phones.

Spyware created by QuaDream infects iPhones when the operators of the malware, believed to be government clients, send an iCloud calendar invite to the targeted iPhone user. Because the calendar invites were issued for events that had already occurred, the hacking targets were unaware of them.

Since mobile phone users are not required to click on any malicious links or take any actions to become infected, these types of attacks are called “zero click” attacks.

When a device is infected with the spyware, it can record conversations taking place nearby by taking control of the recorder on the device, read messages sent through encrypted apps, listen to phone calls, and monitor the user’s position.

The malware can also produce two-factor authentication tokens on an iPhone to log into a user’s iCloud account. This allows the spyware operator to extract data directly from the user’s iCloud, which is a significant advantage.

Unlike NSO Group, QuaDream maintains a modest profile among the general population. The firm does not have a website and does not provide any additional contact information on its page. The email address of Israeli lawyer Vibeke Dank was included in QuaDream’s business registration form; however, she did not respond to a letter seeking comment.

Citizen Lab did not name the people who were found to have been targeted by customers using Reign. However, the organization said that more than five victims were located in North America, Central Asia, Southeast Asia, Europe and the Middle East. These victims were described as journalists, political opponents and employees of an NGO. Additionally, Citizen Lab said it was able to identify operator sites for the malware in Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates, and Uzbekistan.

QuaDream was briefly mentioned in a security report published in December 2022 by Meta, the corporation that owns Facebook. The report described QuaDream as an Israel-based start-up that was created by former NSO staff.

At the time, Meta stated that it had removed 250 accounts on Facebook and Instagram that were linked to QuaDream. The company believed the accounts were being used to test the spyware maker’s capabilities using fake accounts. These capabilities included the exfiltration of data such as text messages, images, video files, and audio files.

Reign’s discovery underscores the continued spread of very powerful hacking tools, even as NSO Group, the developer of one of the world’s most sophisticated cyberweapons, has been the subject of intense investigation and banned by the Biden administration, which is likely to limit its access to new customers.
