A team of cybersecurity researchers from the CitizenLab at the University of Toronto’s Munk School said the spyware was produced by an Israeli company called QuaDream, which sells the software under the name Reign.
QuaDream was founded by ex-employees of the Pegasus producer NSO Group, a company that has been blacklisted by the U.S. government over allegations of abuse.
Reign can be installed into the victim’s device without the owner having to click on anything. It can record conversations, read encrypted messages, track the owner’s location and infiltrate the victim’s iCloud account.
QuaDream has sold Reign to Saudi Arabia, Singapore, Ghana, and Mexico. The Citizen’s Lab performed internet scanning to identify QuaDream servers, and found operator locations for QuaDream systems in Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates (UAE), and Uzbekistan.
Cybersecurity experts have found the spyware in devices of at least five people - journalists, political opposition figures and an NGO worker.
QuaDream keeps a low profile and has no website. In one of its Threat Reports on the Surveillance-for-Hire Industry, Meta said last year that it removed around 250 Facebook and Instagram fake accounts because they were linked to QuaDream.
The researchers recommend that the government implement comprehensive regulations to control the unregulated growth of commercial spyware, which could continue to expand with the help of companies like QuaDream and other covert operators.
