QuaDream, an Israel-based company that develops spyware for hacking iPhones, is reportedly preparing to shut down.

CTech reported the development on Sunday, citing multiple sources familiar with the matter. The news comes a few days after Microsoft Corp. and Citizen Lab released two reports that shed new light on QuaDream’s operations.

The company sells a spyware product called Reign that can remotely compromise iPhones and steal the data they contain. According to Microsoft, it’s believed that QuaDream sold Reign to governments. Last year, Reuters reported that the company had charged customers upwards of $2 million per year for use of its spyware.

Citizen Lab has found malicious servers linked to Reign in 10 countries. The lab, which is based at the University of Toronto, also discovered traces of the spyware on at least five devices. The compromised devices belonged to journalists, political opposition figures and a nongovernmental organization.

It’s believed that Reign was created primarily to target iPhones running iOS 14. However, Microsoft estimates that it’s “highly likely” QuaDream has updated its spyware to target newer versions of the operating system. Additionally, the tech giant’s researchers determined that some of Reign’s code can run on Android handsets. 

The spyware uses malicious calendar invites to infect devices. On the victim’s device, Reign calendar invites reportedly don’t activate an iOS notification, which makes them particularly difficult to detect.

It also takes other measures to cover its traces. While attempting to steal data, malicious programs sometimes generate files that can be used by antivirus software to detect them. According to Microsoft, Reign includes a module that searchers for such files and deletes them to evade cybersecurity tools.

Microsoft and Citizen Lab have determined that Reign can steal personal information such as WhatsApp messages. It’s also capable of collecting technical data about the device it was used to compromise. The malware can track a handset’s location, as well as access information about the network to which it’s connected.

According to Microsoft, Reign exploits an iOS vulnerability that was also used by NSO Group’s Pegasus spyware. The vulnerability allowed Pegasus to bypass the operating system’s threat detection mechanisms. Apple has since fixed the issue, which primarily affected devices running iOS 14 and earlier.

Apple’s patch rendered the vulnerability unusable for spyware tools such as Pegasus and QuaDream’s Reign. 

According to CTech, QuaDream has notified all its employees that they will be laid off and summoned them for a hearing. The company is expected to shut down in the coming days. QuaDream has reportedly been in a “difficult situation for several months” and it’s believed the reports released last week by Microsoft and Citizen Lab sealed its fate.

Photo: Unsplash