Pegasus spyware is the most sophisticated and most powerful piece of spyware ever developed. Pegasus is a commercial surveillance tool developed by the NSO Group, an Israeli company whose bread and butter is developing spyware. The spyware was first identified in 2016 by researchers at the Citizen Lab, after a failed attempt to install it on the phone of Ahmed Mansoor, a UAE human rights activist.
This spyware is capable of total surveillance of the affected device. After infecting the device it gains administrator privileges, so it can do more than the owner can. It then installs the modules it needs to extract every kind of information: it reads the user’s messages and mail, listens to calls, captures screenshots, logs keystrokes, and exfiltrates browser history, contacts, SMS messages, geolocation, address books, call history, calendars and internet browsing history, and even encrypted calls and messages. Because it runs on the device itself, it steals encrypted messages before they are encrypted and after they are decrypted.
Early versions of the spyware used spear-phishing to trick targets into clicking a malicious link; later versions focused on exploiting zero-day vulnerabilities, and NSO took their attack vectors to the next level. It can now install itself without any user interaction, in what is called a “zero-click” attack. At first it was only identified targeting Apple iOS devices; later a sister version for Android was identified. Instead of relying on zero-days, the Android version uses a popular rooting method, Framaroot, and one unique difference is that, unlike the iOS version, if it fails to install or fails to obtain administrator-level access, it will still ask the user to grant some permissions so that it can extract at least some data.
More recently, NSO has been exploiting vulnerabilities in Apple iMessage, and the Pegasus Project (an international investigative journalism initiative that reveals governments’ espionage on journalists, opposition politicians, activists, businesspeople and others using the private Pegasus spyware) has discovered traces of successful attacks by Pegasus customers on victims’ iPhones running up-to-date Apple iOS, as recently as July 2021.
This spyware is designed to operate very stealthily. It hides itself diligently to make sure it does not degrade performance or make any noticeable changes that would make the user suspicious. More importantly, it self-destructs after 60 days if it is unable to communicate with its command and control server during that time.
What can we do? Actually, if we are targeted, we can’t do much about this. It’s like trying to defend yourself against 100 well-trained ninja assassins. But Google and Apple are helping from their end to fight this malware, and updating devices as soon as updates are available, installing a good security solution, and not falling for phishing may give us an edge.
Written by Tharusha Preethilal, 2nd Year 2nd Semester, Cyber Security Student, SLIIT