Considered the most sophisticated & devastating attack ever seen in cyber history, the Pegasus spyware made a major comeback in May 2019. According to reports, the Pegasus spyware attack breached WhatsApp's security & targeted over 1,400 WhatsApp users around the world.
The spyware was being used to inject malicious code into the user's phone. Later, in October 2019, WhatsApp confirmed that Pegasus spyware targeted & breached the mobile devices of around 20 Indian journalists, lawyers & human rights activists weeks before the Lok Sabha elections in India.
WhatsApp also officially announced that most of the intended victims of Pegasus were activists too. The social media platform also confirmed that it addressed the issue & promptly released a security patch to fix the vulnerability.
Today, almost every mobile user is aware that all their digital data is continuously under surveillance. Malware such as Pegasus spyware lurks & spies on both Android & iOS mobiles without restriction.
Questions such as how Pegasus gets onto a mobile or how to remove Pegasus spyware from Android or iPad are bound to arise in the minds of smart-device users. Don't worry! We've got you covered.
Let us take a detailed look at what Pegasus is, its threat behavior & ways to protect your device from its attack.
Developed by the Israel-based cyber-arms firm NSO Group, Pegasus is one of the most pernicious pieces of iOS & Android spyware.
This spy application came into the limelight for the first time in August 2016. It carried out the most sophisticated & persistent mobile attack ever found by exploiting three zero-day security vulnerabilities in iOS. These vulnerabilities allowed the Israeli spyware to jailbreak the iOS device & install spyware on it.
Ahmed Mansoor, a human rights activist from the UAE, reported the first instance of a Pegasus spyware attack. He received several text messages that contained a link & promised secret information associated with UAE jails.
After sensing something fishy about the links, he forwarded them to Citizen Lab. A thorough investigation of the links was carried out in collaboration with the security company Lookout. It revealed that a mere click on the link would have jailbroken Ahmed's phone & installed the spyware on it.
Citizen Lab meticulously studied the behavior of the malicious links & C&C servers, & the team found three zero-day exploits used by Pegasus. After searching the internet for other similar front-end servers, Citizen Lab found around 237 active Pegasus servers.
Pegasus infections were identified in over 45 countries including Brazil, Canada, France, Greece, India, Mexico, the Netherlands, Poland, South Africa, Switzerland, the United Kingdom & the United States.
Detailed analysis by companies such as Lookout & Google found that Pegasus spyware is capable of reading text messages, storing screenshots, recording calls, gathering passwords, tracking the device's location & even acting as a keylogger.
The news of the Pegasus attack on iOS gathered enormous media attention.
While iPhone & iPad users claim that there's no malware for iOS, the Pegasus attack of August 2016 revealed that even iOS is prone to malware attacks. This spy application is capable of hacking any iPad or iPhone, the research says.
No wonder tech giants & security firms are calling it the most sophisticated attack the cyber-world has seen so far.
In response to the attack, Apple released the iOS 9.3.5 security update to fix the three vulnerabilities.
|Targeted OS|Android & iOS|
|Damage|The hackers gain access to text messages, audio, voice calls, pressed keys, the contact list, e-mails, screenshots, the device's location & calendar events. It can also access the mobile's camera & microphone & turn the device into a surveillance device.|
The Pegasus attack of May 2019 is considered a major comeback of the infamous Israeli spyware.
WhatsApp, one of the social media giants, claimed that it found a software vulnerability in the application's calling feature. The flaw was used by the NSO Group to insert malevolent links into the user's phone through the video calling feature.
After identifying the Pegasus attack, WhatsApp & its parent company, Facebook, filed a complaint in a California court against NSO Group for targeting around 1400 WhatsApp users around the world.
NSO Group is a private Israel-based cyber-arms firm that claims to provide certified governments around the world with technology & software such as Pegasus for lawful interception.
While Pegasus Spyware is sold to the governments to help them fight crime, it is suspected to be used by its developers for other illicit purposes.
According to the reports & analysis conducted by cyber-security analysts, hackers used a major security bug in WhatsApp to remotely install the Pegasus spy application on the targeted mobile devices.
Pegasus falls under a special category of buffer overflow exploit. Such software is capable of altering & manipulating the source code of a designated application according to the instructions received from the hackers.
The VoIP stack vulnerability in WhatsApp allowed the threat actors to install the Pegasus spy application on Android & iOS devices by simply calling the number on WhatsApp.
The targeted devices received a video or voice call request from an unknown number on WhatsApp. It is startling to know that the calls, even if ignored by the user, allowed the Pegasus spyware to be installed on the device.
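An added example (not from the original article or from WhatsApp) of the class of bug described above: a call-setup packet is parsed as soon as it arrives, so an unchecked length field can overflow a buffer before the user answers. The packet layout, names & limits are hypothetical; the two bounds checks are the fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical call-offer packet (constructed for this example, not WhatsApp's
 * wire format): [type:1][name_len:2, big-endian][name bytes] */
#define PKT_CALL_OFFER 0x01
#define NAME_MAX_LEN   32

struct call_offer { char name[NAME_MAX_LEN + 1]; };  /* fixed-size destination */

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_BAD_TYPE, PARSE_TOO_LONG };

/* Runs when the packet arrives, before the user answers or declines the call,
 * which is why a flaw at this stage needs no action from the victim. */
enum parse_result parse_call_offer(const uint8_t *pkt, size_t pkt_len,
                                   struct call_offer *out)
{
    if (pkt_len < 3)
        return PARSE_TRUNCATED;
    if (pkt[0] != PKT_CALL_OFFER)
        return PARSE_BAD_TYPE;

    size_t name_len = ((size_t)pkt[1] << 8) | pkt[2];  /* sender-controlled */

    /* A vulnerable parser copies name_len bytes into out->name right here,
     * trusting the sender. These two checks are what it is missing. */
    if (name_len > NAME_MAX_LEN)   /* copy would overflow out->name */
        return PARSE_TOO_LONG;
    if (name_len > pkt_len - 3)    /* copy would read past the packet */
        return PARSE_TRUNCATED;

    memcpy(out->name, pkt + 3, name_len);
    out->name[name_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample: header claims 200 name bytes, buffer holds 32. */
    uint8_t pkt[3 + 200] = { PKT_CALL_OFFER, 0x00, 200 };
    struct call_offer offer;
    printf("oversized offer -> %d\n", parse_call_offer(pkt, sizeof pkt, &offer));
    return 0;
}
```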
What did WhatsApp do? Soon after the Pegasus spyware attack was reported in May 2019, WhatsApp rolled out an update with security patches & added new protection to its systems. It advised users to update WhatsApp to the latest version.
As per sources, Facebook, the owner of the WhatsApp messaging app, said that NSO Group injected the spyware onto devices by routing WhatsApp calls through WhatsApp's servers.
It was able to access the devices through WhatsApp by a technique called reverse engineering. NSO Group is believed to have fooled the servers by disguising the malicious Pegasus code as WhatsApp traffic.
While users blamed WhatsApp for the security breach, Facebook claims that the end-to-end encryption feature of WhatsApp was not broken. Sadly, following the revelations of the Pegasus spyware attack, the number of WhatsApp downloads in India dipped to a great extent.
The reports by cyber-security analysts say that Pegasus attacked over 1400 WhatsApp users across 20 countries, including 121 in India. The targeted users included lawyers, senior government officials, journalists & activists.
The Pegasus Spy Application is claimed to have taken over the targeted devices during a video call.
Following the successful installation, Pegasus scans the device & installs certain modules that aid in spying on the device.
The security breach allowed the attackers to –
It transforms the device into a constant surveillance device by hijacking the mobile's camera & microphone.
It is also capable of stealthily gathering data from various applications & browsers installed on the targeted device. These include, but are not limited to, Facebook, Skype, Gmail, Telegram, Viber & iMessage.
Pegasus spyware is capable of infecting both Android & iOS devices. It uses a number of ways to spread its infection & hack into a mobile device.
Following are some of the spread techniques:
1). Social Engineering: Pegasus sends out “exploit links” to the targeted people via text messages. A mere click on these links would penetrate the security features of the mobile device. Hence, it leads to the installation of Pegasus spyware on the device without the owner's intervention, knowledge or permission.
2). Using Zero-Day Exploits: Pegasus used this technique to target WhatsApp users around the world. It leveraged a bug in the WhatsApp VoIP stack to send voice & video calls to the targeted mobile devices. This method allowed the hackers to install spyware on the device by merely sending a missed call on WhatsApp.
Here are a few preventive measures that will help you secure your device against an attack by the Pegasus spy application.
1). Keep the device's OS updated: Smartphone users, whether on Android or iOS, are advised to keep the phone's OS updated to the latest version. Apple & Google are the two major tech giants that keep releasing security patches on a regular basis.
These updates are helpful in repairing any potential flaw or vulnerability in the security features of the mobile devices.
2). Don't fall for enticing & unknown links: Malware such as Pegasus is capable of infecting devices via unknown & corrupted links sent in text messages, e-mails or Twitter posts.
Therefore, mobile-phone users are advised to avoid clicking on enticing links sent from unreliable sources. Think twice before clicking on them. By doing so, you take a step towards protecting your device against spying.
In case you sense something fishy about a text message or e-mail, simply delete it without opening it.
3). Install good & reliable security software: It is one of the effective measures to protect your devices from a Pegasus attack. Make sure to download anti-virus software from the official app store only.