Israeli hacking spyware used in 10 countries including Singapore, study finds

New Israeli-made spyware resembling the notorious Pegasus programme has been used to target journalists and opposition politicians in several countries, a Canadian watchdog said Tuesday.

The spyware and related exploit or hacking software was created by the little-known firm QuaDream Ltd, which was established by a former Israeli military official and veterans of NSO Group, the creator of Pegasus, according to Citizen Lab.

Citizen Lab, which studies the abuse of digital technologies, said it identified at least five people targeted by QuaDream spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East.

"Victims include journalists, political opposition figures, and an NGO worker," it said, saying it would not identify them at the moment.

Spyware like Pegasus has been widely used by governments and other actors to spy on opponents, media and activists.

The programmes can be placed on computers and cellphones by phishing communications and backdoor exploits, and can survey and transmit information on the phone back to an operator without the user's knowledge.

The White House said in late March that Pegasus has been used by governments "to facilitate repression and enable human rights abuses."

Citizen Lab said that, once placed on a user's phone or computer, QuaDream's spyware can record audio from a phone call, record external sounds from a device's microphone, take pictures from cameras, and search the device's files, all without the user's knowledge.

The spyware can also generate its own two-factor authentication codes to enable continual access to the device owner's cloud accounts.

The spyware includes a self-destruct feature to hide its previous presence once it is no longer used, Citizen Lab said.

Citizen Lab identified servers in 10 countries that received data from victims' devices, including Israel, Singapore, Mexico, the United Arab Emirates and Bulgaria.

QuaDream has marketed its spyware and services to government clients including Singapore, Saudi Arabia, Mexico, Ghana, Indonesia and Morocco, Citizen Lab said.