Another zero-click Apple spyware maker just popped up on the radar again
2023-04-12 00:42

Reports from Microsoft and The University of Toronto's Citizen Lab both conclude that government-serving spyware maker QuaDream used a zero-click exploit targeting Apple devices running iOS 14 to deliver spyware marketed under the name Reign to victims' phones.

Once somehow up and running via this method, the spyware was able to exfiltrate various elements of device, carrier, and network info; search for and retrieve files; use the camera in the background; monitor calls; access the iOS keychain; generate iCloud one-time passwords; and more, said Microsoft.

If all of this sounds familiar, that's because QuaDream's case is startlingly similar to what Israeli spyware maker NSO Group, maker of the Pegasus spyware used by various governments to spy on journalists, opposition politicians and dissidents, has been accused of.

"At least one target who was notified by Apple tested positive for QuaDream's spyware and was negative for Pegasus," Citizen Lab said in its report.

Microsoft recommended that anyone who believes they may be at risk of being targeted by commercial spyware should enable iOS's Lockdown Mode, which Apple launched last year to combat commercial spyware attacks like Pegasus.

Despite the spyware's attempts to hide itself, Citizen Lab said that it found evidence that the malware did leave some traces behind, which it didn't cover in its report, "as we believe this may be useful for tracking QuaDream's spyware going forward."


News URL

https://go.theregister.com/feed/www.theregister.com/2023/04/12/quadream_spyware_microsoft_citizenlab/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349