NSO’s Pegasus Spyware: Here's Everything you need to know
What Is the Pegasus Spyware?
Pegasus, aka Q Suite, is spyware created by an Israeli private surveillance company called the NSO Group. It is a very sophisticated piece of spyware that has the capacity to infiltrate a target’s devices easily and extract almost any piece of information it wants.
Who or What is NSO Group?
In short, NSO Group, aka Q Cyber Technologies, makes products that let governments spy on citizens. The company describes the role of its products on its website as helping “government intelligence and law-enforcement agencies use technology to meet the challenges of encryption” during terrorism and criminal investigations. But as you might imagine, civil liberties groups aren’t happy about the spyware-for-hire business, and restricting the business to government clients does little to quiet their concerns.
How Does Pegasus Spyware Work?
Pegasus exploits undiscovered vulnerabilities, or bugs, in Android and iOS. This means a phone could be infected even if it has the latest security patch installed.
A previous version of the spyware, from 2016, infected smartphones using a technique called “spear-phishing”: text messages or emails containing a malicious link were sent to the target. It depended on the target clicking the link, a requirement that was done away with in subsequent versions.
How Does Pegasus Spyware infect your Smartphone?
Before the recent leak back in 2019, Pegasus used multiple methods to worm its way into the phones of various individuals. The spyware has since become even stronger and notably uses the following methods to gain access to a target’s phone.
- A compromised website link that the victim is fooled into clicking. Once done, Pegasus is automatically installed on the device in the background, without the user’s knowledge.
- The intricate use of zero-day vulnerabilities, which are bugs in an app or a phone’s operating system that the companies don’t even know about yet. Exploiting a WhatsApp zero-day vulnerability, Pegasus made its way onto devices through a simple WhatsApp call made to the target’s phone. The targets didn’t even have to answer the WhatsApp call for the spyware to infect their device. A missed call to their phone number was enough, and the spyware could get to work, stealing data right away. Moreover, Pegasus automatically deleted the call log entry of that specific call, so the target would not even know a call had taken place at all. WhatsApp has since patched the issue.
- When it comes to the Apple ecosystem, Pegasus recently began exploiting zero-day vulnerabilities in Apple’s iMessage. This gives Pegasus access to many phones across the world on which to run and collect data.
What information can be compromised?
Once infected, a phone becomes a digital spy under the attacker’s complete control.
Upon installation, Pegasus contacts the attacker’s command and control (C&C) servers to receive and execute instructions and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls (even those via end-to-end-encrypted messaging apps). The attacker can control the phone’s camera and microphone, and use the GPS function to track a target.
To avoid extensive bandwidth consumption that may alert a target, Pegasus sends only scheduled updates to a C&C server. The spyware is designed to evade forensic analysis and avoid detection by anti-virus software, and it can be deactivated and removed by the attacker when and if necessary.
Is the Pegasus Spyware Dangerous?
Talking about the severity of Pegasus in general, there’s no doubt that the much-talked-about spyware is really dangerous. The prime principle behind this spyware is to gather as much information as it can on the selected individuals and send it back to NSO’s clients. It is up to the perpetrators to decide what they do with the stolen data.
Well, spyware software is rarely spread around in devices with good intent. So it is safe to assume that individuals appearing in the recent Pegasus spyware leak are targets of a dangerous scheme.
Is there a way to detect if a phone's been infected or not?
Researchers at Amnesty International have developed a tool to check if your phone has been targeted by spyware. The Mobile Verification Toolkit (MVT) aims to help with identifying if Pegasus has infected your device. While it works on both Android and iOS devices, it requires some command-line knowledge to operate right now. However, MVT may receive a graphical user interface (GUI) over time.
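MVT works by comparing artifacts extracted from a device against published indicators of compromise distributed as STIX2 files. The sketch below is an added example, not MVT's own code: it shows that kind of matching in simplified form, and the bundle, URLs, process names and function names are all constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed STIX2-style bundle; the indicator values are placeholders, not real IOCs.
BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "indicator", "pattern": "[domain-name:value='c2-placeholder.example']"},
        {"type": "indicator", "pattern": "[domain-name:value='cdn.tracker-placeholder.example']"},
        {"type": "indicator", "pattern": "[process:name='placeholderd']"},
    ],
}

# Constructed artifacts standing in for records extracted from a device backup.
HISTORY = [
    "https://news.site.example/article?id=1",
    "https://x9.c2-placeholder.example:30495/a1b2c3",
    "http://notc2-placeholder.example/",
]
PROCESSES = ["mediaserverd", "placeholderd", "backboardd"]

PATTERN = re.compile(r"^\[(domain-name:value|process:name)\s*=\s*'([^']+)'\]$")

def load_indicators(bundle):
    """Group simple single-comparison indicator patterns by observable type."""
    found = {"domain-name:value": set(), "process:name": set()}
    for obj in bundle.get("objects", []):
        m = PATTERN.match(obj.get("pattern", "")) if obj.get("type") == "indicator" else None
        if m:
            found[m.group(1)].add(m.group(2).lower())
    return found

def match_domain(url, domains):
    """Return the indicator a URL's host equals or is a subdomain of, else None."""
    labels = (urlsplit(url).hostname or "").lower().rstrip(".").split(".")
    # Compare on label boundaries so 'notc2-placeholder.example' does not match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def scan(bundle, history, processes):
    """Return (kind, artifact, indicator) tuples for every artifact that matches."""
    iocs = load_indicators(bundle)
    hits = [("url", u, d) for u in history if (d := match_domain(u, iocs["domain-name:value"]))]
    hits += [("process", p, p.lower()) for p in processes if p.lower() in iocs["process:name"]]
    return hits

if __name__ == "__main__":
    print(scan(BUNDLE, HISTORY, PROCESSES))
```

A match of this kind only flags an artifact for closer review; an empty result means none of the loaded indicators were seen, not that the device is clean.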
How Do You Get Rid of Pegasus Spyware?
According to multiple security experts and the information available, the only way to completely rid yourself of the Pegasus spyware is to discard the infected phone and get a new one.
Furthermore, make sure that all the apps on the new phone are up to date and that you change the passwords of all the cloud storage accounts you own. We realize this sounds tedious, but unfortunately, it’s the only way you can get rid of this spyware completely.
How Can I Protect Myself from This Spyware?
1) Keep Your Phone and Apps Up-to-Date
Make sure to upgrade your smartphone’s operating system to the latest version. We say this because companies regularly roll out security updates to patch a variety of bugs and zero-day exploits.
Moreover, make sure to regularly update all the apps on your Android and iOS device to their latest version so that you have the best protection possible.
Antimalware is a program that helps combat various types of malware and other malicious programs that are present across the internet. Antimalware deals with everything from the most common malware, including viruses, to more complex threats like rootkits, keyloggers, and certain types of spyware.
As we have already discussed above, one of the prime ways Pegasus can find its way onto your phone is through a compromised website link. Therefore, always make sure you can trust the website before you click a link to it.