And now there's something else to worry about.
Technology has made our lives easier in so many ways, but stepping into this brave new world can feel like tap dancing through a mine field some days as the threat of hackers looms.
DON'T MISS: Southwest Airlines Has a Growth Plan (You May Not Like It)
Hackers never rest; they're always looking for ways to get our most important information.
Now a previously unknown spyware is emerging, according to a report by researchers at the Citizen Lab at the University of Toronto’s Munk School, and has been used by clients to target journalists, political opposition figures and an employee of an NGO.
The spyware is made by an Israeli company called QuaDream and appears to make use of invisible iCloud calendar invitations sent from the spyware’s operators.
Victims were not notified of the calendar invitations because they were sent for events logged in the past in what is described as "zero-click" because mobile phone users do not have to click on any link to be infected.
QuaDream is known for its spyware marketed under the name “Reign”, which, like NSO Group’s Pegasus spyware, reportedly uses zero-click exploits to hack into target devices.
Attacks Have Short Shelf Life
Citizen Lab said that phones infected with Reign are able to record conversations that happen in the proximity of the phone by controlling the phone’s recorder, read messages on encrypted apps, listen to phone conversations, and track a user’s location.
The spyware is also capable of generating two-factor authentication codes on an iPhone to hack a user’s account.
An Apple spokesperson said the company was “constantly advancing the security of iOS” and that there was no indication that QuaDream’s exploit had been used since 2021.
“In our experience, state-sponsored attacks similar to the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals because of who they are or what they do,” the spokesperson said.
“The vast majority of iPhone users will never be the victims of highly targeted cyberattacks and we will work tirelessly to protect the small number of users who are," he added.
Apple (AAPL) sued NSO Group and its parent company in 2021 for its surveillance software being used to infect its products with Pegasus spyware.
In January, the U.S. Supreme Court allowed Facebook and Instagram parent company Meta Platforms (META) to pursue a lawsuit against NSO for allegedly accessing the social media giant's WhatsApp servers when installing spyware on users’ devices.
Citizen Lab said it based its analysis in part on samples shared with the group by researchers at Microsoft MSFT Threat Intelligence.
'Operating in the Shadows'
Amy Hogan-Burney, Microsoft general manager of cybersecurity policy and protection, wrote that "the explosive growth of private 'cyber mercenary' companies poses a threat to democracy and human rights around the world."
The report said that QuaDream "employs complicated and opaque corporate practices that may be designed to evade public scrutiny and accountability."
"QuaDream operates with a minimal public presence, lacking a website, extensive media coverage, or social media presence," the report said. "QuaDream employees have reportedly been instructed to refrain from mentioning their employer on social media."
Citizen Lab said it was able to identify several figures associated with the company, including its three founders, through a review of corporate documentation, newspaper articles, and databases.
The report also named an individual as the company's legal counsel and the person's email address. The individual did not respond to a request for comment.
“Ultimately, this report is a reminder that the industry for mercenary spyware is larger than any one company, and that continued vigilance is required by researchers and potential targets alike," Citizen Lab said.
The group said that "until the out-of-control proliferation of commercial spyware is successfully curtailed through systemic government regulations, the number of abuse cases is likely to continue to grow, fueled both by companies with recognizable names, as well as others still operating in the shadows."
