Pegasus is a remote access tool (RAT) with spyware capabilities. Developed by the Israeli cyberarms firm NSO Group, it can infiltrate Android devices and certain versions of Apple’s iOS.

Its Android variants are capable of extracting data from popular messengers such as WhatsApp, Facebook and Viber as well as email clients and browsers.

The spyware is capable of remote surveillance through the phone’s microphone and camera as well as taking screenshots and keylogging the user’s inputs.

The spyware is named after the mythical winged horse Pegasus—it is a Trojan horse that can be sent “flying through the air” to infect phones. Here’s a graphic of how it works:

Image: Adv (Dr.) Prashant Mali (Twitter)

The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.

In 2019 WhatsApp revealed that NSO’s software had been used to send malware to more than 1,400 phones by exploiting a zero-day vulnerability. Simply by placing a WhatsApp call to a target device, malicious Pegasus code could be installed on the phone, even if the target never answered the call.

More recently NSO has begun exploiting vulnerabilities in Apple’s iMessage software, giving it backdoor access to hundreds of millions of iPhones.

Who Were The Targets?

According to the Guardian, Pegasus targeted the mobile phone numbers of the French president, Emmanuel Macron, the South African president, Cyril Ramaphosa, and the Pakistani prime minister, Imran Khan, along with 11 other heads of state and a number of Mexican targets.

This does not mean that particular mobile numbers were selected for actual surveillance using Pegasus, but it is somewhat disturbing. Forensic examinations of a sample of 67 phones found that 34 iPhones and three Android phones contained traces of Pegasus infection or attempted infection. Out of this population, 23 Apple devices were successfully hacked, one of which was running the most current version of iOS.

How Pegasus Infiltrates A Phone?

According to Claudio Guarnieri, who runs Amnesty International’s Berlin-based Security Lab, “When a device is compromised, it’s done in such a way that allows the attacker to obtain so-called root privileges, or administrative privileges, on the device. Pegasus can do more than what the owner of the device can do.”

How To Protect Your Devices From A Pegasus Attack?

To protect yourself from a Pegasus attack, you need to practice safe computing on your devices, including:

  • Only open links from known and trusted contacts and sources when using your device. This is especially relevant if you receive links as text messages.
  • Make sure your device is updated with any relevant patches and upgrades.
  • Limit physical access to your phone by enabling a PIN code as well as fingerprint or face locking on your device.
  • Use a VPN.

Human rights group Amnesty International reported in the 2021 Project Pegasus revelations that Pegasus employs a sophisticated command-and-control (C&C) infrastructure to deliver exploit payloads and send commands to Pegasus targets.