Pegasus Spyware Attack
Spyware | 12/05/2019

How to Stop Pegasus Spyware Attack on your device?

About: Pegasus Spyware attacked 1400 WhatsApp users on both Android & iOS, across 20 countries, & gained illicit access to their private data including texts, e-mails, passwords & contact lists. This post explains how to prevent a Pegasus attack.

Guide to Remove Pegasus Spyware-

Considered the most sophisticated & devastating attack ever seen in cyber history, the nasty Pegasus Spyware made its major comeback in May 2019. According to reports, the Pegasus Spyware attack breached WhatsApp’s security walls & targeted over 1,400 WhatsApp users around the world.

The spyware was used to inject malicious code into the user’s phone. Later, in October 2019, WhatsApp confirmed that Pegasus Spyware targeted & breached the mobile devices of around 20 Indian journalists, lawyers & human rights activists weeks before the Lok Sabha elections in India.

WhatsApp also officially announced that most of the intended victims of Pegasus were activists too. The social media platform also confirmed that it addressed the issue & promptly released a security patch to fix the vulnerability.

Today, almost every mobile user is aware that their digital data is continuously under surveillance. Malicious programs such as Pegasus Spyware lurk & spy on both Android & iOS mobiles without any barrier.

Questions such as how Pegasus gets onto a mobile or how to remove Pegasus spyware from Android or iPad are bound to arise in the minds of smart-device users. Don’t worry! We’ve got you covered.

Let us take a detailed look at what Pegasus is, its threat behavior & ways to protect your device from its attack.

Understanding what is Pegasus | Glimpse into its history

Developed by an Israel-based cyber-arms firm, NSO Group, Pegasus is one of the most pernicious pieces of iOS & Android spyware.

This nasty spy application came into the limelight for the first time in August 2016. It carried out the most sophisticated & persistent mobile attack ever found, exploiting three zero-day security vulnerabilities in iOS. These vulnerabilities allowed the Israeli spyware to jailbreak the iOS device & install spyware on it.

Insight into the First Pegasus Attack (August 2016)-

Ahmed Mansoor, a human rights activist from the UAE, reported the first instance of a Pegasus Spyware attack. He received several text messages that contained a link & promised secret information associated with UAE jails.

Sensing something fishy about the links, he forwarded them to Citizen Lab. A thorough investigation of the links was carried out in collaboration with the security company Lookout. It revealed that a mere click on the link would have jailbroken Ahmed’s phone & installed the spyware on it.

Citizen Lab meticulously studied the behavior of the malicious links & C&C servers, & the team found three zero-day vulnerabilities that were exploited by Pegasus. After scanning the internet for other similar front-end servers, Citizen Lab found around 237 active Pegasus servers.

Pegasus infections were identified in over 45 countries including Brazil, Canada, France, Greece, India, Mexico, the Netherlands, Poland, South Africa, Switzerland, the United Kingdom & the United States.

Detailed analysis by companies such as Lookout & Google found that Pegasus Spyware is capable of reading text messages, storing screenshots, recording calls, gathering passwords, tracking the device’s location & even acting as a keylogger.

Apple’s Reaction to the First Pegasus Spyware Attack-

The news of the Pegasus attack on iOS gathered enormous media attention.

While iPhone & iPad users claim that there’s no malware for iOS, the Pegasus attack of August 2016 revealed that even iOS is prone to malware attacks. This nasty spy application is capable of hacking any iPad or iPhone, the research says.

No wonder tech giants & security firms are calling it the most sophisticated attack the cyber-world has seen so far.

In response to the attack, Apple released the iOS 9.3.5 security patch to fix the three vulnerabilities.

Threat Summary of Pegasus Spy Application-

Threat Summary
Name: Pegasus
Type: Spyware
Category: Malware
Targeted OS: Android & iOS
Damage: The hackers gain access to text messages, audios, voice calls, pressed keys, contact list, e-mails, screenshots, device’s location, calendar events. It can also access the mobile’s camera & microphone & turn it into a surveillance device.

The Beginning of Pegasus Spyware Attacks 2019:

The Pegasus attack of May 2019 is considered a major comeback of the infamous Israeli spyware.

WhatsApp, one of the social media giants, claimed that it found a software vulnerability in the application’s calling feature. The flaw was used by the NSO Group to insert malevolent links into the user’s phone through the video calling feature.

After identifying the Pegasus attack, WhatsApp & its parent company, Facebook, filed a complaint in a California court against NSO Group for targeting around 1400 WhatsApp users around the world.

What is NSO group?

NSO Group is a private Israel-based cyber-arms firm that claims to provide certified governments around the world with technology & software such as Pegasus for lawful interception.

While Pegasus Spyware is sold to governments to help them fight crime, it is suspected to be used by its developers for other illicit purposes.

How did Pegasus exploit WhatsApp?

According to reports & analysis by cyber-security analysts, hackers used a major security bug in WhatsApp to remotely install the Pegasus spy application on the targeted mobile devices.

The exploit used by Pegasus falls under a special category known as buffer overflow exploits. Such exploits are capable of altering & manipulating the code of a designated application according to the instructions received from the hackers.

The VoIP stack vulnerability in WhatsApp allowed the threat actors to install the Pegasus spy application on Android & iOS devices by simply calling the number on WhatsApp.

The targeted devices received a video or voice call request from an unknown number on WhatsApp. It is startling to know that the calls, even if ignored by the user, allowed the Pegasus Spyware to be installed on the device.
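
An added illustration (not WhatsApp's code and not from the original article) of why an ignored call can still be dangerous: the app has to parse the incoming call offer before the user answers, so an unvalidated length field can overflow a fixed-size buffer. The packet layout, `CALLER_MAX` and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format (an assumption, not WhatsApp's protocol):
 * byte 0 = length of caller id, bytes 1.. = caller id. */
#define CALLER_MAX 32
struct call_offer { char caller[CALLER_MAX]; };

/* Flawed pattern: the copy size comes straight from the remote party. */
int parse_offer_unchecked(const uint8_t *pkt, size_t n, struct call_offer *out) {
    if (n < 1) return -1;
    memcpy(out->caller, pkt + 1, pkt[0]);  /* pkt[0] can exceed CALLER_MAX */
    return 0;
}

/* Hardened: reject the offer before any copy if the length is not sane. */
int parse_offer_checked(const uint8_t *pkt, size_t n, struct call_offer *out) {
    if (pkt == NULL || out == NULL || n < 1) return -1;
    size_t len = pkt[0];
    if (len > n - 1) return -1;         /* claims more bytes than arrived */
    if (len >= CALLER_MAX) return -1;   /* no room for the terminator */
    memcpy(out->caller, pkt + 1, len);
    out->caller[len] = '\0';
    return 0;
}

/* Constructed inputs: a normal offer and one with an oversized length. */
int demo_benign(void) {
    const uint8_t pkt[] = { 5, 'a', 'l', 'i', 'c', 'e' };
    struct call_offer o;
    return parse_offer_checked(pkt, sizeof pkt, &o) == 0
           && strcmp(o.caller, "alice") == 0 ? 0 : -1;
}

int demo_oversized(void) {
    uint8_t pkt[201];
    struct call_offer o;
    memset(pkt, 'A', sizeof pkt);
    pkt[0] = 200;                       /* 200 bytes into a 32-byte field */
    return parse_offer_checked(pkt, sizeof pkt, &o);
}

int main(void) {
    printf("benign offer: %d\n", demo_benign());
    printf("oversized offer: %d\n", demo_oversized());
    return 0;
}
```

The checked parser accepts the normal offer and drops the oversized one before any byte is copied, which is the kind of fix a security patch for such a flaw delivers.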

What did WhatsApp do?

Soon after the Pegasus Spyware attack was reported in May 2019, WhatsApp rolled out an update with security patches & added new protection to its systems. It advised users to update WhatsApp to the latest version.

Threat Behavior of Pegasus Spyware-

As per sources, Facebook, the owner of the WhatsApp messaging app, said that NSO Group injected the spyware onto devices by routing WhatsApp calls through WhatsApp’s servers.

It was able to access the devices through WhatsApp by a technique called reverse engineering. NSO Group is believed to have fooled the servers by disguising the malicious Pegasus code as WhatsApp traffic.

While users blamed WhatsApp for the security breach, Facebook claims that the end-to-end encryption feature of WhatsApp was not broken. Sadly, following the revelations of the Pegasus Spyware attack, the number of WhatsApp downloads in India dipped to a great extent.

The reports by cyber-security analysts say that Pegasus attacked over 1400 WhatsApp users across 20 countries, including 121 in India. The targeted users comprised lawyers, senior government officials, journalists & activists.

Threats of Pegasus Spyware Attack on the Targeted Device-

The Pegasus Spy Application is claimed to have taken over the targeted devices during a video call.

Following the successful installation, Pegasus scans the device & installs certain modules that aid in spying on the device.

The security breach allowed the attackers to –

  • Read text messages & mails
  • Record voice calls
  • Capture screenshots
  • Harvest pressed keys
  • Gather images, calendar events & passwords
  • Listen to encrypted audio
  • Spy on the contact list
  • Gather the device’s location

It transforms the device into a constant surveillance device by hijacking a mobile’s camera & microphone.

It can also stealthily gather data from various applications & browsers installed on the targeted device. These include, but are not limited to, Facebook, Skype, Gmail, Telegram, Viber & iMessage.

Distribution Techniques of Pegasus Spy Application-

Pegasus Spyware is capable of infecting both Android & iOS devices. It uses a number of ways to spread its infection & hack into a mobile device.

Following are some of the spread techniques:

1). Social Engineering: Pegasus sends out “exploit links” to the targeted people via text messages. A mere click on these links would penetrate the security features of the mobile device. Hence, it leads to the installation of Pegasus Spyware on the device without the owner’s intervention, knowledge or permission.

2). Using Zero-Day Exploits: Pegasus used this technique to target WhatsApp users around the world. It leveraged a bug in the WhatsApp VoIP stack to send voice & video calls to the targeted mobile devices. This method allowed the hackers to install spyware on the device by merely sending a missed call on WhatsApp.

How to prevent Pegasus from infecting your device-

Here are a few preventive measures that will help you secure your device against an attack by the Pegasus spy application.

1). Keep the device’s OS updated: Smartphone users, whether on Android or iOS, are advised to keep the phone’s OS updated to the latest version. Apple & Google are the two major tech giants that keep releasing security patches on a regular basis.

These updates help repair any potential flaw or vulnerability in the security features of the mobile devices.

2). Don’t fall for luring & unknown links: Malware such as Pegasus is capable of infecting devices via unknown & corrupted links sent in text messages, e-mails or Twitter posts.

Therefore, mobile-phone users are advised to avoid clicking on luring links sent from unreliable sources. Think twice before clicking on them. By doing so, you take a step towards protecting your device against spying.

In case you sense something fishy about text messages or e-mails, simply delete them without opening them.

3). Install good & reliable Security Software: It is one of the effective measures to protect your devices from a Pegasus attack. Ensure you download anti-virus software from the official App Store only.

We recommend using Internet Security Software such as BULL GUARD & Vipre on your PC so that it remains safe against Pegasus.
