2 min read

QuaDream ‘Reign’ Spyware Used to Hack iPhones of High-Profile Targets


April 12, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
QuaDream ‘Reign’ Spyware Used to Hack iPhones of High-Profile Targets

Security researchers have discovered new evidence of spyware targeting Apple smartphones during the vulnerable days of iOS 14, dating back to 2021.

In a report published this week, Citizen Labresearchers of the University of Toronto identified at least five civil society victims infected with ‘Reign’ spyware developed by Israeli firm QuaDream.

Targets included journalists, political opposition figures, and a non-government organisation worker, in North America, Central Asia, Southeast Asia, Europe and the Middle East.

Operator locations for QuaDream systems were found in Bulgaria, Czechia, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates and Uzbekistan.

Researchers identified traces of a suspected iOS 14 zero-click exploit deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions.

The exploit, dubbed ENDOFDAYS, is said to use invisible iCloud calendar invitations sent from the spyware’s operator to victims.

The spyware can reportedly:

·      Record audio from phone calls

·      Record audio from the microphone

·      Take pictures through the device’s front or back camera

·      Exfiltrate and removing items from the device’s keychain

·      Generate iCl0oud 2FA passwords

·      Run queries in SQL databases on the phone

·      Track the device’s location

·      Perform various file system operations including searching for files matching specified characteristics

·      Clean remnants that might be left behind by zero-click exploits

In a joint advisory, Microsoftresearchers note that, “the captured samples targeted iOS devices, specifically iOS 14, but there were indications that some of the code could also be used on Android devices.”

Microsoft researchers say some of the techniques used in this sample may no longer work or be relevant on newer OS versions, but they caution that QuaDream will very likely have updated their malware targeting newer OS models.

While mercenary spyware attacks are highly targeted, Bitdefender strongly recommends everyone keep their smartphones up to date at all times to stem the risk of malware infection via zero-day exploits.

Apple has recently plugged two new zero-days in both its mobile and desktop operating systems, including on old-generation iPhones, in what appears to be a concerted effort to keep spyware at bay.

In November 2021, the iPhone maker sued Israeli spyware developer NSO group over its Pegasus malware.

In response to the wave of spyware attacks targeting iOS, the Cupertino tech giant introduced a Lockdown Mode setting which reduces the platform’s attack surface.

Regardless of your device model or OS version, it’s important that you deploy a dedicated security solution to stay safe from online harm at all times.




Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.

View all posts

You might also like