  • iPhone system calendar 'invites' users to install Israeli spyware

    Citizen Lab researchers, together with Microsoft Threat Intelligence, have discovered commercial spyware created by the Israeli company QuaDream, which was used to compromise iPhones through the ENDOFDAYS zero-click exploit. Microsoft dubbed the malware "KingsPawn".

    The attackers targeted a zero-day vulnerability affecting iPhones running iOS versions 14.4 through 14.4.2, using a technique described by Citizen Lab as "invisible iCloud calendar invitations." These invitations are "invisible" because they are backdated and can be added to the iCloud calendar with absolutely no notice to the user, yet they allow the attackers to run the exploit, called "ENDOFDAYS", which leads to the installation of the malware.
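    A defender reviewing an exported calendar can at least surface backdated entries for manual inspection. The following is an added triage example, not code or an indicator from the Citizen Lab report; it assumes DTSTAMP approximates when the invitation was generated, and the 30-day threshold, function names and sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample (not from the Citizen Lab report): event 2 starts years before its DTSTAMP.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\n"
    "BEGIN:VEVENT\r\nUID:constructed-1@example.invalid\r\n"
    "DTSTAMP:20210301T090000Z\r\nDTSTART:20210305T100000Z\r\nEND:VEVENT\r\n"
    "BEGIN:VEVENT\r\nUID:constructed-2@example.invalid\r\n"
    "DTSTAMP:20210301T091500Z\r\nDTSTART;VALUE=DATE:20150101\r\n"
    "SUMMARY:Folded line that contin\r\n ues here\r\nEND:VEVENT\r\nEND:VCALENDAR\r\n"
)

def unfold(text):
    """RFC 5545 unfolding: a line starting with space or tab continues the previous line."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def parse_dt(value):
    """Parse DATE or DATE-TIME values; local/floating times are treated as UTC (assumption)."""
    value = value.rstrip("Z")
    fmt = "%Y%m%dT%H%M%S" if "T" in value else "%Y%m%d"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def events(text):
    """Yield one dict per VEVENT, keyed by property name with parameters stripped."""
    current = None
    for line in unfold(text):
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT" and current is not None:
            yield current
            current = None
        elif current is not None and ":" in line:
            name, value = line.split(":", 1)
            current[name.split(";", 1)[0].upper()] = value

def backdated(text, max_age=timedelta(days=30)):
    """Return (UID, start date, stamp date) for events starting more than max_age before DTSTAMP."""
    hits = []
    for ev in events(text):
        if "DTSTART" in ev and "DTSTAMP" in ev:
            start, stamp = parse_dt(ev["DTSTART"]), parse_dt(ev["DTSTAMP"])
            if stamp - start > max_age:
                hits.append((ev.get("UID", "?"), start.date().isoformat(), stamp.date().isoformat()))
    return hits
```

    Legitimate entries such as imported historical events will also match, so a hit is a prompt for review rather than evidence of compromise.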

    The victims of the malicious campaign are journalists, political opposition figures and employees of other non-governmental organizations. “We are not releasing the names of the victims at this time,” the Citizen Lab researchers said.

    “We found that spyware also contains a self-destruct function that removes various traces left by malware,” the experts added.

    According to Citizen Lab, the spyware has a wide range of functions, from recording ambient sound and calls to allowing attackers to view any files on victims' smartphones.

    The full list of features found in the QuaDream spyware analysis includes the following:

    • recording phone calls;
    • recording sound from a microphone;
    • device location tracking;
    • hidden photography through the front or rear camera of the device;
    • exfiltrating and removing items from iCloud Keychain;
    • hacking the Anisette framework and intercepting the gettimeofday system call to generate iCloud login codes based on one-time passwords (OTP) (the researchers suspect that with this method attackers can generate 2FA passwords for future dates, so that they can always log into the iCloud account of a compromised device);
    • running queries against SQL databases on the phone;
    • performing various operations with the file system, including searching for files that match the specified characteristics;
    • cleaning traces of the exploit.

    Citizen Lab has discovered QuaDream servers in many countries, including Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates (UAE), and Uzbekistan.

    According to the researchers, this study is a reminder that the spyware industry is much broader than it seems at first glance, and that cybersecurity professionals and ordinary users alike must remain vigilant.

    “Until the uncontrolled distribution of commercial spyware is successfully stopped through systemic government regulations, cases of abuse will continue to rise, fueled by companies with recognizable names and those still operating in the shadows,” Citizen Lab said.

    A year ago, Citizen Lab also revealed the details of an iMessage Zero-Click exploit dubbed "HOMAGE". The exploit was used to install NSO Group spyware on the iPhones of Catalan politicians, journalists and activists.

    Commercial spyware provided by surveillance technology vendors such as NSO Group, Cytrox, Hacking Team and FinFisher has been repeatedly deployed on Android and iOS devices through zero-day vulnerabilities, most often using zero-click exploits, in which victims do not even realize that their smartphone has been compromised.

    Author DeepWeb