In March, we wrote about a former Meta security policy manager being hacked and monitored by the Greek national intelligence service for an entire year using commercially available spyware known as “Predator.”
Now, a new report shared by TechCrunch indicates that hackers are using spyware-infested calendar invites to hack the iPhones of journalists, political opposition figures, and an NGO worker.
According to the report, Microsoft and Citizen Lab, a digital research unit with the University of Toronto, analyzed samples of the malware, which was reportedly created by an Israeli spyware maker called QuaDream.
QuaDream has been known to create ‘zero-click exploits,’ meaning spyware that doesn’t require the potential victim to click on a malicious link or download something.
According to Israeli newspaper Haaretz (via TechCrunch), QuaDream had sold some of its spyware to Saudi Arabia in 2021, while a Reuters report indicated that QuaDream sold an exploit that could be used to hack into iPhones.
Both Microsoft and Citizen Lab published reports regarding the malware. The exploit was developed for iOS 14 and, at the time, was unknown to Apple, making it a so-called zero-day. The malware allows recording of phone calls, recording of audio using a phone’s microphone, taking pictures, stealing files, and tracking the person’s location.
According to Citizen Lab, the iPhone exploit was delivered through malicious calendar invites that were dated in the past. Bill Marczak, a senior researcher at Citizen Lab, told TechCrunch that the infected calendar invite didn’t trigger an invite, so it would largely go unnoticed.
Researchers from Citizen Lab said that although hard to detect, the malware does leave subtle traces that allowed them to track QuaDream’s spyware. Citizen Lab did not reveal the traces.
Learn more about the spyware and how Citizen Lab detected it here.
Source: Citizen Lab, Microsoft. Via: TechCrunch