Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware


Protect Your Access to the Internet

Microsoft and Citizen Lab on Tuesday released information on the activities, products and victims of an Israel-based spyware vendor named QuaDream.

QuaDream has been making an effort to keep a low profile, but its activities came to light last year, when Reuters described it as a competitor of the notorious Israeli company NSO Group, which is known for its Pegasus spyware. 

QuaDream’s activities were also described last year by Meta, which reported taking down 250 accounts associated with the firm, which the social media giant said was founded by former NSO employees.  

QuaDream has developed an exploitation platform named Reign, which has been offered to government organizations for law enforcement activities. Commercial spyware vendors typically advertise their solutions for such purposes, but investigations often reveal cases of abuse, with governments using spyware against their opponents.  

The Reign platform includes malware, exploits and infrastructure that can be used to steal data from compromised Android and iOS mobile devices. 

One distributor of this platform was a Cyprus-based company named InReach, which is currently in a legal dispute with QuaDream over its alleged refusal to transfer part of its revenue to the Israeli firm, as agreed upon. 

This lawsuit has provided some insight into the spyware vendor’s business practices and Citizen Lab has made public some information on several individuals that appear to be involved with QuaDream and InReach.

Microsoft, which tracks QuaDream as DEV-0196, has published a blog post focusing on the analysis of the iOS malware — named KingsPawn by the tech giant — that is likely delivered as part of the Reign platform. 

The version of the malware analyzed by Microsoft targeted iPhones running iOS 14, with evidence suggesting that some of the code may have been used for Android exploits as well. At the time of the attacks targeting iOS 14, this was the latest version of the operating system. 

Apple was informed about these exploits in 2021 and the company reportedly notified targeted individuals at the time. Reuters reported that QuaDream leveraged the same iOS vulnerabilities that NSO Group used for its