New Israeli spyware hacked iPhones in ten countries  

Microsoft revealed it

An Israeli company’s hacking tool was found to be tracking the iPhones of journalists, politicians and organization executives in at least ten countries, including some in Europe. The revelation was made by Microsoft in collaboration with Citizen Lab .

The spyware software, called “KingsPawn”, is linked to the Israeli company QuaDream Ltd, a smaller competitor of the notorious NSO Group which has been accused of multiple espionage incidents in the past. However, unlike the NSO Group, QuaDream has kept a lower profile, does not have a website and its employees are prohibited from mentioning on social media where they work.

Microsoft stressed that mercenary hacker groups like QuaDream ” reign in the shadows and their public exposure is important to stop this activity “. However, neither Microsoft nor Citizen Lab were able to identify KingsPawn’s targets.

Analyzing the spyware, they found that it uses a vulnerability in iPhones. QuaDream employees send malicious calendar invites to gain access to their targets’ iPhones. The invitations were for dates in the past and did not trigger any notification on the phone, making them practically invisible to the victim. The vulnerability is actually “zero-click”, which means that the hacking does not require the victim to click on a link. The vulnerability concerns iOS 14 and until the time of disclosure, Apple did not know about it and it remained active.

The first log package paved the way for the invisibility download of the second malware package, which monitored calls, recorded audio from the microphone, used the camera, stole files, tracked the user’s location and erased any trace of their existence.