Skip to content

QuaDream shuts shop after Citizen Labs and Microsoft exposé

  • by
  • 2 min read
India, USA, UK and Canada hit with healtcare database attacks: FireEye

Tel Aviv-based QuaDream might just be shutting down after Citizen Lab and Microsoft Threat Intelligence exposed the company for developing spyware being used to target iPhones used by journalists, politicians and a social worker in 10 countries globally. 

QuaDream’s spyware was using an iOS 14 zero-day exploit called Endofdays that relied on invisible iCloud calendar invites sent from the spyware operator to the victims. Now, Israeli newspaper Calcalist reports that all of QuaDream’s employees were notified that they’re about to be laid off and were called in for a hearing, with the company about to cease operations in the coming few days. 

Calcalist further reports that the company has been in a difficult spot for the last several months with the research being the last nail in its coffin. It hasn’t been fully active for a while and there are reportedly only two employees left in its offices whose jobs are to look after the technical infrastructure and equipment left behind. The board of directors is also trying to sell off the company’s intellectual property. 

Unlike other popular Israeli spyware outfits like the NSO Group, QuaDream kept a low profile and doesn’t even have a website showing off its business, with Reuters reporting that employees were told to keep references to the company off their social media accounts. While NSO would often brief journalists under allegations of developing spyware, QuaDream seems to have been a much smaller-scale company that could not survive being exposed to the general public. 

 QuaDream’s malware could be used to record audio from calls and microphones, take pictures using both the front and the rear cameras, export or remove iCloud keychain items, generate iCloud 2FA passwords, search the infected device for files and databases and track device location. When it was done, the malware would clean up after itself and disappear without leaving a trace on the target device. 

In the News: Twitter will tell you if it’s limiting your tweets


Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: [email protected]