NSO’s Pegasus Spyware: Here's Everything You Need to Know

Source: Beebom

Back in 2019, Israeli hackers spied on Indian journalists and activists using state-of-the-art spyware called Pegasus. Made by a private company based in Israel, the Pegasus spyware is a powerful malicious tool capable of stealing information. A joint investigation by research and media organizations dubbed “The Pegasus Project” has uncovered a list of people targeted by the spyware as recently as July 2021. Reading the recent stream of news articles must have you wondering: what is the Pegasus spyware, and what’s the big deal about it? Is my phone affected by Pegasus as well? This article explains what exactly the Pegasus spyware is, what it does, how it affects you, and more.

What Is the Pegasus Spyware?

Before we discuss everything about Pegasus, let’s first learn what exactly spyware is. Simply put, spyware is unwanted malicious software that helps attackers infiltrate various devices and steal information from them.

Pegasus, aka Q Suite, is spyware created by an Israeli private surveillance company called the NSO Group. It is a very sophisticated piece of spyware that has the capacity to infiltrate the target’s devices easily and extract almost any piece of information it wants.

The Pegasus Spyware is marketed and provided to governments around the world. The company claims that the intent of the spyware is to prevent malicious attacks and keep a close watch on suspicious people. However, the recent flurry of data leaks has revealed that various governments used Pegasus to spy on individuals for whom such surveillance wasn’t warranted.

Who or What is NSO Group? 

In short, NSO Group aka Q Cyber Technologies makes products that let governments spy on citizens. The company describes the role of its products on its website as helping “government intelligence and law-enforcement agencies use technology to meet the challenges of encryption” during terrorism and criminal investigations. But as you might imagine, civil liberties groups aren’t happy about the spyware-for-hire business, and restricting the business to government clients does little to quiet their concerns.

Source: Bank Info Security

How Does Pegasus Spyware Work?

Pegasus exploits undiscovered vulnerabilities, or bugs, in Android and iOS. This means a phone could be infected even if it has the latest security patch installed.
A previous version of the spyware, from 2016, infected smartphones using a technique called “spear-phishing”: text messages or emails containing a malicious link were sent to the target. It depended on the target clicking the link, a requirement that was done away with in subsequent versions.

How Does Pegasus Spyware infect your Smartphone?

Before the recent leak back in 2019, Pegasus used multiple methods to worm its way into the phones of various individuals. The spyware has since become even stronger and notably uses the following methods to gain access to a target’s phone. 
  • A compromised website link that the victim is fooled into clicking. Once the link is clicked, Pegasus is automatically installed on the device in the background, without the user’s knowledge.
  • The intricate use of zero-day vulnerabilities, which are bugs in an app or a phone’s operating system that the companies don’t even know about yet. Exploiting a WhatsApp zero-day vulnerability, Pegasus Spyware made its way onto devices through a simple WhatsApp call made to the target’s phone. The targets didn’t even have to answer the WhatsApp call for the spyware to infect their device. A missed call to their phone number was enough, and the spyware could get to work, stealing data right away. Moreover, Pegasus automatically deleted the call log entry of that specific call, so the target would not even know a call had taken place. WhatsApp has since patched the issue.
  • When it comes to the Apple ecosystem, Pegasus Spyware recently began exploiting zero-day vulnerabilities in Apple’s iMessage. This gives Pegasus access to many phones across the world on which to run and collect data.

What information can be compromised?

Once infected, a phone becomes a digital spy under the attacker’s complete control.
Upon installation, Pegasus contacts the attacker’s command and control (C&C) servers to receive and execute instructions and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls (even those via end-to-end-encrypted messaging apps). The attacker can control the phone’s camera and microphone, and use the GPS function to track a target.
To avoid extensive bandwidth consumption that may alert a target, Pegasus sends only scheduled updates to a C&C server. The spyware is designed to evade forensic analysis and avoid detection by anti-virus software, and it can be deactivated and removed by the attacker when and if necessary.

Is the Pegasus Spyware Dangerous?

As for the severity of Pegasus in general, there’s no doubt that the much-talked-about spyware is really dangerous. The guiding principle behind this spyware is to gather as much information as it can on the selected individuals and send it back to NSO’s clients. It is up to the perpetrators to decide what they do with the stolen data.
Spyware is rarely spread to devices with good intent. So it is safe to assume that individuals appearing in the recent Pegasus spyware leak are targets of a dangerous scheme.

Is there a way to detect if a phone's been infected or not?

While the ways to detect if your device is infected by the Pegasus Spyware are severely limited, there might be a method you can use. 
Researchers at Amnesty International have developed a tool to check if your phone has been targeted by spyware. The Mobile Verification Toolkit (MVT) aims to help with identifying if Pegasus has infected your device. While it works on both Android and iOS devices, it requires some command-line knowledge to operate right now. However, MVT may receive a graphical user interface (GUI) over time.
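
Tools of this kind work by comparing traces left on the device against published indicators of compromise. The sketch below is an added illustration of that idea, not MVT's code and not part of the original article; the indicator domains and device records are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed indicator list; a real check loads published indicator files.
INDICATOR_DOMAINS = {"cdn-update.example", "track.invalid"}

# Constructed records of the kind extracted from a phone backup.
RECORDS = [
    {"source": "sms", "text": "Your parcel is held: https://Cdn-Update.example/p?id=7 reply STOP"},
    {"source": "browser_history", "text": "https://news.example/article/42"},
    {"source": "browser_history", "text": "http://a1.track.invalid:8443/x"},
    {"source": "sms", "text": "See https://nottrack.invalid/ for details"},
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def hostnames(text):
    """Yield the lower-cased hostname of every http(s) URL found in text."""
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname  # drops port, userinfo and path
        if host:
            yield host.rstrip(".").lower()

def matches_indicator(host, indicators):
    """Return the indicator that host equals or is a subdomain of, else None."""
    labels = host.split(".")
    # Compare whole labels only, so "nottrack.invalid" never matches "track.invalid".
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None

def scan(records, indicators=INDICATOR_DOMAINS):
    """Return (source, hostname, indicator) for every record that hits an indicator."""
    hits = []
    for rec in records:
        for host in hostnames(rec["text"]):
            ind = matches_indicator(host, indicators)
            if ind:
                hits.append((rec["source"], host, ind))
    return hits

if __name__ == "__main__":
    for source, host, ind in scan(RECORDS):
        print(f"{source}: {host} matches indicator {ind}")
```

A hit only shows that a record references a known indicator; a clean result does not prove the device is uninfected, since the check can only find what the indicator list already describes.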

How Do You Get Rid of Pegasus Spyware? 

You can’t, at least not completely. From what we know of the Pegasus Spyware, for now, it is impossible to wipe every trace of it from your phone. If you think your device has been compromised, we suggest wiping all your existing data and doing a factory reset. However, be aware that even doing that may not completely get rid of this nasty spyware.
According to multiple security experts and the information available, the only way to completely rid yourself of the Pegasus spyware is to discard the infected phone and get a new one.
Furthermore, make sure that all the apps on the new phone are up to date and that you change the passwords of all the cloud storage accounts you own. We realize this sounds tedious, but unfortunately, it’s the only way you can get rid of this spyware completely.

How Can I Protect Myself from This Spyware?

There are a couple of good practices you should follow to stay safe from Pegasus or, for that matter, other malicious software.
1) Keep Your Phone and Apps Up-to-Date
Make sure to upgrade your smartphone’s operating system to the latest version. We say this because companies regularly roll out security updates to patch a variety of bugs and zero-day exploits.
Moreover, make sure to regularly update all the apps on your Android and iOS device to their latest version so that you have the best protection possible.

2) Use Antimalware/Antivirus Software
Antimalware is a program that helps combat various types of malware and other malicious programs that are present across the internet. Antimalware deals with everything from the most common malware, including viruses, to more complex threats like rootkits, keyloggers, and certain types of spyware.

3) Be Wary of Unknown Links
As we have already discussed above, one of the prime ways Pegasus can find its way onto your phone is through a compromised website link. Therefore, always make sure you can trust the website before you click a link to it.

4) Monitor App Permissions
While you won’t see the Pegasus Spyware just hanging around like an app, it could be embedded inside any or every app like WhatsApp, Mail, Instagram, and more. So make sure to keep an eye on the permissions an app is using.

Frequently Asked Questions (F.A.Q)

1) Can a VPN (Virtual Private Network) Protect Me from Pegasus Spyware?
Answer - Unfortunately, it cannot. A VPN, or Virtual Private Network, cannot protect your phone from a Pegasus attack. This is because there are multiple delivery modes, and you can get the spyware on your phone by simply being in close proximity to a malicious Bluetooth source. In case the attacker doesn’t have the victim’s phone number or email ID, the Pegasus agent can be silently injected once the number is acquired using a tactical network element such as a Base Transceiver Station (BTS).

2) Will Turning off My Phone Stop Pegasus Attack?
Answer - The answer is no. It won’t. For this specific method to work, you need to know exactly when the Pegasus spyware burrows its way into your phone’s files. Currently, there is no software or tool that acts as a firewall for Pegasus. Hence, you have no way of knowing when exactly to turn off your phone to stop it. Furthermore, the data transmission rate of the Pegasus Spyware is not known. Hence, all your data could be copied before you even get a chance to learn the spyware is there.

3) Can Changing The Phone Number Make Us Sure?
Answer - If you strongly believe you have been a target of the Pegasus spyware, yes, you can go ahead and change your phone number. But, it won’t help eliminate the spyware. So be sure to also get a new smartphone when you get a new phone number since the spyware is usually present inside the device itself.

4) Will disabling mobile data and WiFi help?
Answer - No. The Pegasus data transfer speed from your phone may become slow, but this will not stop Pegasus, as it has the ability to connect to tactical network devices at a nearby listening post.

5) Will changing iCloud or Google account passwords help?
Answer - No, it won't. Changing passwords and using the same accounts on the infected phone will only help the attackers get your new password details.

6) Will changing your phone’s passcode or lock help?
Answer - No. Pegasus is not subject to interference from passcodes, face unlock, patterns, or any other type of phone lock feature. You can change passcodes however you like, but Pegasus will keep doing its job.

7) Will encrypting your phone help protect your phone from Pegasus?
Answer - Not really. Encryption helps when your phone has been taken out of your possession and a third party is trying to get your data. But in the case of Pegasus, it stays in your phone. As the data is already decrypted when you're using the phone, Pegasus can see whatever you can see on your screen and then pass it to its operators by secretly taking screenshots.

Stay Safe and Aware of the Pegasus Spyware

The recent investigation has shown Pegasus is still very much active across smartphone devices and could target more people in the future. Furthermore, since private firms like NSO are chasing profit, we are likely to see more spyware upgrades to target operating systems like Windows and Mac. So, we recommend being proactive and checking out these Best Antivirus Packages for your Mac and safeguarding it. Moreover, if you don’t want a heavy antivirus on your computer, check out these Best Portable Antivirus Software for Windows.

Source: The Print
