QuaDream Follows the path of NSO Group

The spyware from an Israeli Firm NSO targeting Apple iOS devices was taken by a storm last year . Now the same spyware has been allegedly used by another firm QuaDream. Like NSO Group, QuaDream founded by ex-NSO employees develops surveillance malware for government and intelligence agencies.

QuaDream, is a smaller and lower profile Israeli firm that also develops smartphone hacking tools intended for government clients. The interesting aspect is that both firms were weaponizing the iOS zero-day in the same period. The two companies were able to remotely compromise iPhone devices without any user interaction.

The two surveillance firms employed the zero-click iMessage exploit dubbed FORCEDENTRY (CVE-2021-30860). Apple addressed the flaw used by the ForcedEntry exploit in September 2021, rendering both NSO and QuaDream’s spyware ineffective.

The iPhones of nine activists, including members of the Bahrain Center for Human Rights, Waad, Al Wefaq, were infected with Pegasus spyware as part of a surveillance operation likely orchestrated by a threat actor tracked as LULU and attributed with high confidence to the government of Bahrain.

Threat actors leveraged two zero-click iMessage exploits to infect the iPhones with spyware, respectively known as 2020 KISMET exploit and a new exploit dubbed FORCEDENTRY.

Researchers discovered that the FORCEDENTRY exploit can bypass the BlastDoor sandbox introduced eight months ago in iOS to block iMessage zero-click exploits.The spyware developed by QuaDream is named REIGN, it has the same capabilities as the NSO Group’s Pegasus spyware, it allows operators to gain full control of the device.

REIGN’s Premium Collection capabilities included the real time call recordings, camera activation front and back and microphone activation reads a brochure of the spyware .One QuaDream system allows to hack into 50 smartphones per year and is offered for $2.2 million, exclusive of maintenance costs.