NSO Group, located in Israel, exploited an undisclosed zero-click iMessage vulnerability to install Pegasus or Candiru malware on iPhones belonging to politicians, journalists, and activists.
On Monday, Citizen Lab, in partnership with Catalan-based researchers, published a paper claiming that 65 people were targeted or infected with malware as a result of an iPhone vulnerability known as HOMAGE. It claims that the NSO Group, a contentious Israeli corporation, and another firm, Candiru, were behind the campaigns that took place between 2017 and 2020.
Candiru, also known as Sourgum, is a commercial company that is accused of selling the DevilsTongue surveillance malware to governments all over the world. The Apple HOMAGE bug is a zero-click vulnerability, which means that no interaction from the victims is required to install malware on their intended targets.