Sunday, October 17, 2021

What Is Pegasus Spyware, How It Works, and Why It Is in the News

Pegasus was developed by the Tel Aviv, Israel-based cyber intelligence and security firm NSO Group. Pegasus spyware is also known as Q Suite and Trident.

It is the name for perhaps the most powerful piece of spyware ever developed – certainly by a private company. Once it has wormed its way onto your phone, without you noticing, it can turn into a 24-hour surveillance device. It can copy messages you send or receive, harvest your photos and record your calls. It might secretly film you through your phone’s camera, or activate the microphone to record your conversations. It can potentially pinpoint where you are, where you’ve been, and whom you’ve met.

Pegasus is the hacking software or spyware that is developed, marketed, and licensed to governments around the world by the Israeli company NSO Group. It can infect billions of phones running either iOS or Android operating systems.

It is considered the most sophisticated among all such products available in the market. The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.

Pegasus was meant to be used by governments on a per-license basis. In May 2019, its developer had limited sales of Pegasus to state intelligence agencies and others.

However, NSO’s attack capabilities have become more advanced. Pegasus infections can be achieved through so-called “zero-click” attacks, which do not require any interaction from the phone’s owner to succeed. These will often exploit “zero-day” vulnerabilities, which are flaws or bugs in an operating system that the mobile phone’s manufacturer does not yet know about and so has not been able to fix.

NSO Group has, however, denied any wrongdoing. It claimed to sell Pegasus only to “vetted and legitimate government agencies”.

How does Pegasus hack a phone?

Pegasus initially gained access to a phone via a malicious web link sent in a message or email. Once a user clicked on the link, Pegasus would be installed on the phone. But then the spyware also gained some new abilities. Researchers found that it could even be installed on the phone with just a missed WhatsApp call.

This part of Pegasus hacking into phones is one reason why this spyware is so highly rated by those who use it. The phone hacking is almost seamless and the phone user has no clue that their device has been compromised.

Moreover, once Pegasus had access to the device, it could delete any call logs, thus making it virtually impossible for the victim to know that their phone had been targeted by the spyware.

Once installed on a phone, Pegasus can harvest more or less any information or extract any file. SMS messages, address books, call history, calendars, emails, and internet browsing histories can all be exfiltrated.

What Activities can Pegasus perform on your Phone?

According to cybersecurity researchers, following its installation, Pegasus contacts control servers that enable it to relay commands and gather information from the infected device. Stealing passwords, contacts, and text messages, accessing the phone’s camera, microphone, and GPS, and capturing other information, including voice or video calls made through WhatsApp, are well within its capabilities.

Once Pegasus is on a phone, it can potentially spy on the targeted user completely and thoroughly. Even encrypted chats like the ones made through WhatsApp were accessible to Pegasus.

Why Pegasus is a hot topic in the news

In late 2019, WhatsApp, the Facebook-owned messaging service, confirmed that some 1,400 of its users in 20 countries, including Indian journalists and activists, had been targeted by Pegasus in May that year.

WhatsApp said the spyware exploited its video calling system and a specific vulnerability to send malware to the mobile devices. The vulnerability has since been patched.

NSO allegedly first created fake WhatsApp accounts, which were then used to make video calls. When an unsuspecting user’s phone rang, the attacker transmitted the malicious code and the spyware was automatically installed on the phone even if the user did not answer the call.

Now it is in the news because on Sunday evening several news websites, including the Washington Post and the Guardian, claimed that over 10 governments are using this spyware to spy on journalists, activists, and other key media personalities. In India, according to the reports, over 40 journalists were under surveillance using Pegasus.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
