Citizen Lab says victims’ phones infected after being sent a iCloud calendar invitation in a ‘zero-click’ attack
Security experts have warned about the emergence of previously unknown spyware with hacking capabilities comparable to NSO Group’s Pegasus that has already been used by clients to target journalists, political opposition figures and an employee of an NGO.
Researchers at the Citizen Lab at the University of Toronto’s Munk School said the spyware, which is made by an Israeli company called QuaDream, infected some victims’ phones by sending an iCloud calendar invitation to mobile users from operators of the spyware, who are likely to be government clients. Victims were not notified of the calendar invitations because they were sent for events logged in the past, making them invisible to the targets of the hacking. Such attacks are known as “zero-click” because users of the mobile phone do not have to click on any malicious link or take any action in order to be infected.
