New reports released today from Microsoft Corp. and Citizen Lab detailed a little-known Israeli spyware vendor whose software has been used by governments to hack and spy on iPhones belonging to journalists, political figures and nongovernment organizations.

The company goes by the name of QuaDream and, perhaps not surprisingly, it was founded by ex-employees of well-known Israeli spyware maker NSO Group Ltd. Like NSO Group, QuaDream designs zero-click spyware, a form of malware used to target devices that requires no interaction from the intended victim.

The software sold by the group, which it calls Reign but has been dubbed ENDOFDAYS by Citizen Lab and KingsPawn by Microsoft, targets iOS versions 14.4 and 14.4.2 and possibly other versions of iOS. The spyware uses invisible iCloud calendar invitations sent from the spyware’s operator to victims.

QuaDream only sells the spyware and does not operate it, with those buying it responsible for its operation. The company primarily sells the spyware to governments. Those believed to have both purchased and used the software include Saudi Arabia, Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates and Uzbekistan.

Once the Reign spyware has gained access to a victim’s Apple device, it records phone calls, captures audio using the phone’s microphone, takes pictures, steals files and tracks the victim’s location. The spyware also uses obfuscation techniques to hide forensic traces of its existence.

Although Reign does attempt to hide itself, the researchers at Citizen Lab were able to trace the spyware by identifying marks it leaves behind, what they call the “Ectoplasm Factor.” What those signs are has not been revealed so they can continue tracking Reign in the future.

With its tracking, Citizen Lab identified at least five victims, including politicians, journalists and NGO workers in Europe, North America, the Middle East and Southeast Asia.

The detailing of the group’s activities raises broader concerns over commercial spyware operators, a concern that has previously been raised over the NSO Group.

“This report is a reminder that the industry for mercenary spyware is larger than any one company and that continued vigilance is required by researchers and potential targets alike,” the Citizen Labs researchers concluded in their report. “Until the out-of-control proliferation of commercial spyware is successfully curtailed through systemic government regulations, the number of abuse cases is likely to continue to grow, fueled both by companies with recognizable names, as well as others still operating in the shadows.”

Image: Needpix