Pegasus Spyware


The world of technology has evolved, and while it brings several benefits, its drawbacks cannot be ignored. The recent Pegasus malware attack has caught the attention of experts and people worldwide. Pegasus is spyware that can easily hack Android and iOS devices and steal data from the infected device, including key logs, text messages, emails and information from installed apps such as Instagram and Facebook. Moreover, it can record videos and conversations and snap images from the camera of the infected device. It was designed and created by NSO Group, an Israel-based cybersecurity company founded in 2010. The spyware has been around since the summer of 2016.

Threat actors can use Pegasus to stealthily gather information from high-value targets, including government officials who have access to international and national secrets and executives with strategic corporate information.

How it Works and What it Can Do?

A Pegasus attack begins with a simple phishing scheme. The attacker identifies a potential target and sends them a website URL through email, text message, social media or any other form of message.

If the targeted user has an iOS device, the moment the user clicks on the link, the malware covertly carries out a trio of zero-day exploits against the victim's device, jailbreaking it remotely so that the Pegasus spyware can be installed. There is one indication that the device has been attacked: the browser closes once the user clicks the link. There is no other sign or warning that something has happened to the device or that any new processes are running. As soon as Pegasus is installed on the device, it starts contacting the operator's command and control servers to receive and execute the operator's commands.

The spyware comprises malicious apps, processes and code that continuously spy on what the user is doing on the device, gather all data and report the user's activities back. It can easily access and exfiltrate messages, calls, logs and emails from several installed applications such as Skype, Facebook, WhatsApp, Viber, FaceTime and Tango. Once the spyware has jailbroken the device, it compromises the original applications installed on it to capture data, instead of downloading malicious versions of these applications.

On Android devices, Pegasus does not need zero-day vulnerabilities to root the targeted device and install the malware. Instead, the spyware makes use of a highly popular and commonly used rooting method known as Framaroot.

With Pegasus for iOS, if the zero-day attack fails to jailbreak the device, the complete attack sequence fails. However, the hackers who created this malware built functionality into the Android version that lets it still ask for permissions, so that Pegasus can access and exfiltrate data even if the first attempt to root the targeted device is unsuccessful.

 

History of Pegasus Spyware:

It was in the United Arab Emirates (UAE) that a human rights activist, Ahmed Mansoor, discovered the Pegasus spyware. He is now in jail. On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising that if he clicked on the link in the messages, he would get new information about people tortured in UAE jails. However, he did not click on the link. Instead, he forwarded the messages to researchers at the Citizen Lab, an organization based at the University of Toronto. The organization conducts research and produces evidence on cybersecurity issues related to human rights concerns. Its research includes the investigation of digital espionage.

The researchers identified that the links sent to them belonged to an exploit infrastructure associated with the NSO Group, which sells Pegasus along with other spyware to governments known for human rights violations so that they can spy on activists and critics.

When the information about the iOS version of the Pegasus spyware was first released, Apple released an iOS security update that patched three vulnerabilities. Google helped the researchers investigating the Android version and warned potential Pegasus targets directly. According to Google, a few dozen Android devices have been infected and attacked.

In 2018, an Amnesty International staff member received a suspicious WhatsApp message with a link that, if clicked, could have installed Pegasus malware on the employee's mobile device. Ultimately, WhatsApp fixed the flaw that would have allowed a hacker to infect a victim's device with the Pegasus spyware.

 

Who uses Pegasus Spyware?


Israel-based NSO Group has said that it sells surveillance software products to governments so that they can fight serious crime and terrorism. Its spyware, which includes Pegasus, has been licensed to dozens of nations, including the UAE, Bahrain, Mexico and Saudi Arabia.

Governments in different parts of the world have used this spyware to target activists, including an employee of Amnesty International; at least twenty-four human rights defenders, parliamentarians and journalists in Mexico; Saudi activists; and Mansoor, according to the lawsuit filed by Amnesty International and other groups demanding that the Israeli Ministry of Defence revoke the export license of NSO Group.

You might be safe, but….

As soon as the news of the iOS version of Pegasus spyware hit the market, Apple reacted immediately. The company released an iOS security update, 9.3.5, that covered all three of the above-mentioned vulnerabilities.

Google, which helped in the investigation of the Android version, took another path and warned potential Pegasus targets directly. So, if you have updated your iOS devices to the latest version of the software and have not received a warning message from Google, you are perhaps safe and not under scrutiny by Pegasus.

However, that does not mean there is no other spyware around for Android and iOS devices. The threat of a spyware attack is always there, and you need to take proper measures to avert it. The existence of Pegasus proved that iOS spyware goes beyond poorly coded ransom-demanding websites and adware that are easy to block; there are some serious threats to deal with. Here are three steps to stay safe from such malware attacks:

  • Make sure you update your device or gadget on time and pay attention to all security updates. Do this without fail.
  • Instead of installing any random security solution, install a good security solution on your device. Although there are no such solutions for iOS, we can hope that Pegasus will make Apple rethink and reconsider its policy.
  • Do not fall for phishing. Beware of targeted phishing, as happened in the case of Ahmed Mansoor. If you get a link from an unknown source, do not be in a hurry to click on it. Think before you click. We would say do not click at all.

Following these simple steps will help you keep your device safe.

 

Pegasus Spyware and India:


At present, there is no confirmation of how much damage has been done in India, or to what extent people were targeted. However, a WhatsApp spokesperson has confirmed that some Indian users were among those who could have been targets of the cyber-attack that happened in May. In a blog post, WhatsApp said: “We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by [May 2019] attack to directly inform them about what happened.”

However, how exactly the Pegasus spyware works, particularly when WhatsApp claims to provide high-end encryption, is still not known. Pegasus is said to have been around for three years now and is no ordinary spyware. It works by sending a link, and if the user clicks on it, the spyware gets installed on the device. The moment it is installed, it starts to contact control servers that relay commands to it, so that the operator can collect data from the infected device.

This spyware has the potential to steal your calendar info, contacts, passwords and voice calls made through messaging applications, in this case WhatsApp. More importantly, the threat does not stop there, because it can give the attacker access to the microphone, camera and GPS of your device. Pegasus spyware has been around for at least three years.

It is the popularity of WhatsApp that makes it an easy target for cybercriminals, hackers and other entities. Even law enforcement agencies across the globe want messages to be decrypted – a particular demand that WhatsApp is fighting in many countries, including India.

There is a lot more to Pegasus spyware that wreaked havoc in many countries. With more and more new details pouring in, it seems now is the time to employ safety measures to keep devices safe from such threats.