How QuaDream Spyware Hacks iPhones Via Calendar Invites

QuaDream spyware hacks iPhones – Researchers from Microsoft and Citizen Lab found spyware created by QuaDream, an Israeli company, that hacks into iPhones via malicious calendar invites.

It has been reported that high-risk individuals, such as journalists, political figures, and NGO workers, are being targeted.

Is there anything more worrying about the spyware? YES!

QuaDream’s spyware has gone beyond the traditional malicious links and developed zero-click exploits for iPhones – that’s right, no user interaction is necessary!

On top of that, the spyware has a self-destruct mechanism that automatically removes any traces it leaves behind, making it even harder to detect.

QuaDream’s Operations

QuaDream has mostly gone unnoticed until recently.

Reports documented that the company sold its products to Saudi Arabia in 2021, and the following year, Reuters reported that QuaDream sold an iPhone hacking exploit, similar to the one provided by NSO Group.

However, QuaDream’s customers aren’t limited to Saudi Arabia.

suspected operator location (The Citizen Lab)

According to internet scans by Citizen Lab, QuaDream’s clients operate servers in various countries around the world. These include Bulgaria, the Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan.

Citizen Lab also revealed that QuaDream sells its products through a Cyprus-based company called InReach.

Spyware’s Capabilities

How does the spyware not need any clicks from the victim?

Citizen Lab described it as “invisible iCloud calendar invitations” that were backdated.

When iCloud calendar invitations with past dates are received on iOS devices, they are automatically included in the user’s calendar without alerting the user, enabling the exploit to operate without any user interaction, making the attacks completely invisible to the targets.

The Citizen Lab

Not only this, but the spyware comes with other extensive range of features.

The spyware can secretly record phone conversations, capture audio using the phone’s microphone, take photos, steal files, track the person’s precise location, and erase any traces that could indicate its presence.


According to the researchers at Citizen Lab, the victims of QuaDream’s spyware and exploits were from various regions, including North America, Central Asia, Southeast Asia, Europe, and the Middle East. At least five individuals from civil society were impacted by this cyber attack and were found to be journalists, political figures, and NGO workers.

The citizen lab did not name the victims since they did not want to be identified as they all belong to different countries.

“Nobody wants to be the first person in their community to come out and say, Yes, I was targeted,” explained Bill Marczak, a senior researcher at Citizen Lab.

In conclusion, Citizen Lab emphasized that the recent report serves as a reminder of the expansive market for mercenary spyware, which goes beyond any single company.

Both researchers and potential targets need to maintain Vigilance.

Without effective government regulations to curb the proliferation of commercial spyware, abuse cases are expected to increase, not just from well-known companies but also from those operating in secrecy.

SiegedSec Cyber Campaign Under States Investigation

New Agent Tesla Variant Being Spread by Crafted Excel Document

Tackling Cyber Risks Head-on Using Security Questionnaires

Super Mario Game Got Trojanized: Used As Vehicle For Crypto Miners And Malware