A Pegasus-like spyware tool called “Reign” that could be used to attack iPhones was sold to governments, it was recently discovered. Governments and their security agencies often use spyware to monitor the activities of certain individuals. For example, the NSO Group’s “Pegasus” spyware has been used to spy on activists, journalists, and political opponents.
Now, a report from Citizen Lab says that based on an analysis of samples shared with them by Microsoft Threat Intelligence, they have discovered a spying tool quite similar to Pagasus in many ways, called “Reign” and provided by Israeli company QuaDream. The tool allows governments to once again conduct spying on opponents.
Citizen Lab says it had identified at least five civil society victims of the spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. The tool has been used in at least five cases. Victims of “Reign” spyware infections include journalists, political opposition figures, and an NGO worker.
The team discovered the spyware has been deployed to target devices via an iOS 14 zero-click exploit. The “Endofdays” exploit uses invisible iCloud calendar invitations sent to victims.
Once installed, the spyware allows bad guys to access various iOS and iPhone features, similar to how Pegasus worked, including:
- Recording audio of calls
- Access to the microphone
- Access to the iPhone’s cameras
- Exfiltrating and removing items from the Keychain
- Generating iCloud 2FA passwords
- Searching through files on the device
- Tracking the iPhone’s location
- The ability to clean up traces of the spyware to minimize detection.
The spyware included a self-destruct feature that had the ability to remove traces of the spyware. but which actually helped researchers identify when a user was attacked with the surveillance tool.
QuaDream, which is still in operation, is believed to have “common roots” with NSO Group, says Citizen Lab. It is also said to be associated with other Israeli commercial spyware vendors, along with Israeli government intelligence agencies. The group was co-founded by a former Israeli military officer, as well as former NSO employees. The group managed to avoid scrutiny for a long period of time.
For more information about the Reign spyware, visit the Citizen Lab website.