iPhones Hacked via Zero-click Exploit to Drop QuaDream Spyware


In collaboration with Citizen Lab, Microsoft recently made an alarming discovery about QuaDream, an Israel-based firm.

The company was found to be behind the development of commercial spyware dubbed “KingsPawn” that uses a zero-click exploit called “ENDOFDAYS” to compromise high-risk individuals’ iPhones.

Threat actors exploited a zero-day vulnerability affecting iPhones running iOS 14 through 14.4.2.

Between January 2021 and November 2021, the attack relied on a technique involving backdated, “invisible” iCloud calendar invitations, making it nearly impossible for targets to detect.

Zero-click Exploit to Drop Spyware

One way the ENDOFDAYS exploit could remain undetected by targets was by using backdated timestamps on iCloud calendar invitations.

When these backdated invitations were sent to iOS users, they were automatically added to the users’ calendars without any interaction, according to Microsoft’s report.

This automatic addition provided a stealthy means for the exploit to run without the user’s knowledge.
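One defensive way to hunt for the artifact described above (invitations backdated so that they land silently in the past view of a calendar, where they never raise an upcoming-event alert) is to review an exported iCalendar (.ics) file for events whose DTSTART is far earlier than their DTSTAMP, the time the invite was generated, and that come from an organizer outside the user's known contacts. The script below is an added example, not code from Microsoft, Citizen Lab or the original post; the sample .ics data, the 30-day threshold and the allow-list of known organizers are constructed assumptions, and it only handles the UTC datetime form found in most exports.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: a minimal iCalendar export with two VEVENTs.
# The first is an ordinary future meeting from a known colleague.
# The second was generated (DTSTAMP) six months after the date it
# claims to be for (DTSTART), i.e. it is backdated, and it comes from
# an organizer the user has never dealt with.
SAMPLE_ICS = """BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
UID:team-sync-001@example.invalid
ORGANIZER:mailto:colleague@example.invalid
DTSTAMP:20210601T090000Z
DTSTART:20210615T140000Z
SUMMARY:Team sync
END:VEVENT
BEGIN:VEVENT
UID:9f1c-backdated@unknown.invalid
ORGANIZER:mailto:noreply@unknown.invalid
DTSTAMP:20210901T031500Z
DTSTART:20210301T031500Z
SUMMARY:(no title)
END:VEVENT
END:VCALENDAR
"""

# Constructed allow-list of organizers the user actually corresponds with.
KNOWN_ORGANIZERS = {"colleague@example.invalid"}


def parse_ics_datetime(value):
    """Parse the UTC iCalendar datetime form (YYYYMMDDTHHMMSSZ)."""
    return datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)


def parse_events(ics_text):
    """Return one dict per VEVENT, mapping property name to raw value."""
    events = []
    current = None
    for raw in ics_text.splitlines():
        line = raw.strip()
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT":
            events.append(current)
            current = None
        elif current is not None and ":" in line:
            # Properties may carry parameters, e.g. DTSTART;TZID=...:value,
            # so split on the first colon and drop any parameters.
            name, value = line.split(":", 1)
            current[name.split(";", 1)[0].upper()] = value
    return events


def flag_backdated_invites(ics_text, known_organizers, max_backdate=timedelta(days=30)):
    """Flag events whose DTSTART precedes DTSTAMP by more than max_backdate
    and whose organizer is not on the allow-list.

    Returns a list of (uid, organizer, days_backdated) tuples.
    """
    findings = []
    for ev in parse_events(ics_text):
        if "DTSTAMP" not in ev or "DTSTART" not in ev:
            continue
        try:
            stamped = parse_ics_datetime(ev["DTSTAMP"])
            starts = parse_ics_datetime(ev["DTSTART"])
        except ValueError:
            continue  # all-day or local-time forms are out of scope here
        organizer = ev.get("ORGANIZER", "").lower().removeprefix("mailto:")
        backdated_by = stamped - starts
        if backdated_by > max_backdate and organizer not in known_organizers:
            findings.append((ev.get("UID", "?"), organizer, backdated_by.days))
    return findings


if __name__ == "__main__":
    for uid, org, days in flag_backdated_invites(SAMPLE_ICS, KNOWN_ORGANIZERS):
        print(f"suspicious invite {uid} from {org}: backdated by {days} days")
```

The heuristic is deliberately conservative: legitimate invitations are occasionally created for past dates (for example, logging a meeting after the fact), so the organizer allow-list and the 30-day window keep the noise down, and anything flagged is a lead for triage rather than proof of compromise.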

QuaDream’s spyware has compromised a total of five civil society organizations in the following regions:

North America

Central Asia

Southeast Asia

Europe

The Middle East

The victims primarily targeted were:

Journalists

Political opposition figures

An NGO worker

The KingsPawn surveillance malware was equipped with a stealthy feature: the ability to self-delete and erase all traces of its existence on victims’ iPhones.

This design feature enabled the malware to evade detection, leaving victims unaware that their devices had been compromised. Even so, this self-deletion routine was detected on the victims’ devices, which revealed the name of the process used by the spyware.

Capabilities of KingsPawn

Based on Citizen Lab’s analysis, the spyware discovered in this attack campaign appears highly sophisticated and invasive since it boasts many features.

Here below, we have mentioned the complete list of capabilities that KingsPawn features:

Get device information

Recording audio from phone calls

Recording audio from the microphone

Wi-Fi information

Cellular information

Search for files

Retrieve files

Use the device camera in the background

Get device location

Monitor phone calls

Access the iOS keychain

Generate an iCloud time-based one-time password (TOTP)

Apart from this, QuaDream servers were discovered across multiple countries, including:

Bulgaria

The Czech Republic

Hungary

Ghana

Israel

Mexico

Romania

Singapore

United Arab Emirates

Uzbekistan

This discovery of spyware used to target high-risk individuals is an alarming reminder of the scope and scale of the mercenary spyware industry.

This industry encompasses a vast network of companies, making it challenging to pinpoint any one culprit responsible for such attacks.

The prevalence of commercial spyware provided by surveillance tech providers has raised concerns about the security of vulnerable Android and iOS devices. 

The spyware is often deployed on devices susceptible to zero-day flaws, exploiting previously unknown vulnerabilities and granting the attacker broad access to the device’s data and functions.



The post iPhones Hacked via Zero-click Exploit to Drop QuaDream Spyware appeared first on Cyber Security News.