  • iPhone system calendar 'invites' users to install Israeli spyware

    Citizen Lab researchers, together with Microsoft Threat Intelligence, have discovered commercial spyware created by the Israeli company QuaDream, which was used to compromise iPhones using the ENDOFDAYS zero-click exploit. Microsoft dubbed the malware "KingsPawn".

    The attackers targeted a zero-day vulnerability affecting iPhones running iOS versions 14.4 through 14.4.2, using a technique Citizen Lab describes as "invisible iCloud calendar invitations." The invitations are "invisible" because they are backdated and can be added to the iCloud calendar with absolutely no notice to the user, yet they allow the attackers to run an exploit called "ENDOFDAYS" that leads to the installation of malware.

    The victims of the malicious campaign are journalists, political opposition figures and employees of non-governmental organizations. “We are not releasing the names of the victims at this time,” the Citizen Lab researchers said.

    “We found that spyware also contains a self-destruct function that removes various traces left by malware,” the experts added.

    According to Citizen Lab, the spyware has a wide range of functions, from recording ambient sound and calls to letting attackers view any file on victims' smartphones.

    The full list of features found in the QuaDream spyware analysis includes the following:

    • recording phone calls;
    • recording sound from a microphone;
    • device location tracking;
    • hidden photography through the front or rear camera of the device;
    • exfiltrating and removing items from iCloud Keychain;
    • hacking the Anisette framework and intercepting the gettimeofday system call to generate iCloud login codes based on one-time passwords (OTP) (the researchers suspect that with this method attackers can generate 2FA codes for future dates, so that they can always log in to iCloud for a compromised device);
    • running queries against SQL databases on the phone;
    • performing various operations with the file system, including searching for files that match the specified characteristics;
    • cleaning traces of the exploit.
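
Why control over the clock input is enough to produce login codes for future dates, shown with generic RFC 6238 TOTP as an added example (not code from Citizen Lab, and not Apple's Anisette scheme, whose internals the article does not describe): the code depends only on the enrolled secret and the time value fed in, so a code computed early stays valid until the secret is replaced. The secrets, timestamp and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values: the RFC 6238 test secret and a made-up replacement.
ENROLLED_SECRET = b"12345678901234567890"
ROTATED_SECRET = b"constructed-replacement-secret"
FUTURE_TIME = 2_000_000_000  # 2033-05-18 03:33:20 UTC


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a pure function of the secret and the time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, now: int, step: int = 30, skew: int = 1) -> bool:
    """Server-side check: accept codes from `skew` time steps either side of now."""
    return any(
        hmac.compare_digest(totp(secret, now + d * step, step, len(code)), code)
        for d in range(-skew, skew + 1)
    )


def stale_code_outcome() -> tuple:
    """A code computed today for FUTURE_TIME, checked when that time arrives."""
    early_code = totp(ENROLLED_SECRET, FUTURE_TIME, digits=8)
    return (
        early_code,
        verify(ENROLLED_SECRET, early_code, FUTURE_TIME),  # secret unchanged
        verify(ROTATED_SECRET, early_code, FUTURE_TIME),   # secret re-enrolled
    )


if __name__ == "__main__":
    code, still_valid, valid_after_rotation = stale_code_outcome()
    print(f"code for t={FUTURE_TIME}: {code}")
    print(f"accepted with original secret: {still_valid}")
    print(f"accepted after secret rotation: {valid_after_rotation}")
```

For incident response the relevant result is the last one: removing the implant does not invalidate codes already derived, while re-enrolling the second factor with a new secret does.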

    Citizen Lab has discovered QuaDream servers in many countries, including Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates (UAE), and Uzbekistan.

    According to the researchers, this study is just a reminder that the spyware industry is much broader than it seems at first glance. And that cybersecurity professionals and ordinary users alike must remain vigilant.

    “Until the uncontrolled distribution of commercial spyware is successfully stopped through systemic government regulations, cases of abuse will continue to rise, fueled by companies with recognizable names and those still operating in the shadows,” Citizen Lab said.

    A year ago, Citizen Lab also revealed the details of an iMessage Zero-Click exploit dubbed "HOMAGE". The exploit was used to install NSO Group spyware on the iPhones of Catalan politicians, journalists and activists.

    Commercial spyware provided by surveillance technology vendors such as NSO Group, Cytrox, Hacking Team and FinFisher has been repeatedly deployed on Android and iOS devices affected by zero-day vulnerabilities, most often using zero-click exploits, in which the victim does not even realize that their smartphone has been compromised.

    Author DeepWeb