Skip to content

Citizen Lab & Microsoft Threat Intelligence (both qualified) publish indisputable research on some iOS Calendar Zero Clicks found in the wild.

Apple & Facebook validated the research (equally both qualified).

In recent years, concerns around the use of spyware have grown considerably. The use of such software has been linked to human rights abuses and other forms of misconduct, particularly when it comes to state surveillance. A new report from Citizen Lab highlights the actions of a company called Quadream, which has been found to exploit both its victims and customers.

According to the report, Quadream operates as a vendor of spyware, providing its products to a range of clients around the world. These clients include governments, law enforcement agencies, and other organizations involved in surveillance and intelligence gathering.

The report finds that Quadream has developed a range of spyware products, including those that are designed to intercept phone calls, access text messages, and track the location of targeted individuals. In many cases, these products are marketed as being able to help governments fight crime and terrorism.

However, the report suggests that Quadream’s activities go far beyond this. In particular, the company has been found to exploit both its victims and customers. This includes exploiting vulnerabilities in software and hardware, as well as using social engineering techniques to gain access to targeted devices.

One of the key ways that Quadream exploits its victims is through the use of phishing attacks. The company has been found to use sophisticated phishing techniques to trick individuals into installing its spyware products. This can involve sending targeted emails or messages that appear to come from a trusted source, but which in fact contain malicious links or attachments.

In addition to exploiting its victims, Quadream also exploits its customers. This includes selling spyware products that contain vulnerabilities, which can then be exploited by other actors. The report also suggests that Quadream engages in other forms of misconduct, such as using stolen or fake digital certificates to sign its software products.

Overall, the report highlights the growing concerns around the use of spyware and the need for greater regulation in this area. It also serves as a warning to both individuals and organizations about the dangers of spyware and the need to take steps to protect against it.

https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/
https://t.co/hez8a29anI