Newly iPhone spyware tool sold to governments for targeted surveillance

A new type of spyware has been discovered being sold to various governments throughout the world and is meant to be used to spy mainly on journalists, activists, and political opponents. Here’s what we know so far and how you can make sure your devices are always protected.

What is this new spyware?

A new report from Citizen Lab revealed that the spyware, which has been given the name Reign, is used to monitor the activities of targeted high-profile individuals. The Microsoft Threat Intelligence team was able to analyze the spyware and found that it was provided by the Israeli company QuaDream.

QuaDream is known for developing advanced spyware tools and caters to several prominent governments throughout the world. There have been at least five targeted spyware cases in North America, Central Asia, Southeast Asia, Europe, and the Middle East.

MORE: BEWARE OF NEW MACSTEALER MALWARE THAT CAN STEAL YOUR ICLOUD KEYCHAIN DATA AND PASSWORDS

How does Reign attack people’s devices?

The spyware reaches all these devices through what is known as the “Endofdays” iOS 14 zero-click exploit. This uses backdated iCloud calendar invites that when sent to targeted people are automatically accepted.  Once the invitation is on a person’s device, spyware operators can access multiple iOS features.   Hackers can get to your audio recordings of calls, iPhone microphone and camera access, access to the iPhone Files app, iPhone location tracking, generation of iCloud 2FA passwords, and more.

How was Reign discovered?

Reign was discovered because it comes with a feature that ironically was supposed to help it remain undiscoverable. The feature was one of self-destruction where Reign could remove traces of itself on a device so that no one would be able to find it. However, this ended up helping research teams in identifying when a target was attacked.

MORE: TOP BROWSERS TARGETED BY NEW MALWARE TO STEAL YOUR SENSITIVE DATA

It is believed by Citizen Lab that QuaDream’s spyware has been linked to over 600 servers and 200 domains since late 2021. The company also believes that QuaDream spyware is currently operating in the following countries:

  • Czech Republic
  • Hungary
  • Ghana
  • Bulgaria
  • Romania
  • Israel
  • Mexico
  • United Arab Emirates (UAE)
  • Uzbekistan
  • Singapore

 

How can I protect myself from spyware?

Although Reign has not yet been detected as a threat to the U.S. government, and it doesn’t seem to be targeting citizens with low-profile statuses, it’s important that you still know how to protect yourself from spyware.

Have good antivirus software on all your devices

Find my review of Best Antivirus Protection here.

Best Antivirus Protection

For more of my security alerts, subscribe to my free CyberGuy Report Newsletter here

 

Related:

 

 

Related posts

How your browser is spying on you. Hidden dangers lurking behind every click

T-Mobile hacked by Chinese cyber espionage in major attack on US telecoms

Must-do privacy settings on your iPhone in iOS 18.1