What Is Pegasus Malware?


What Is Pegasus Malware?

What Is Pegasus Malware?

On 19 July 2021, all the citizens of India woke up with agitating news regarding the Pegasus Spyware. The revelation was by a syndicate of on-profit Paris-based media house, Forbidden Stories and Amnesty International, which claimed illegal spying using Pegasus Spyware worldwide. Pegasus is a spyware system advocated to track down all criminal and terrorist activities and is developed by Israeli Company NSO.

But the claims were entirely based on a leaked document to the media houses that contains 50,000 phone numbers of potential targets that were with the help of The Guardian, The Washington Post, Le Monde, and The Wire analyzed and identified the targets. The list contains high-profile personalities, business executives, journalists, human rights activists, diplomats, and security officers. Spyware is a tool that is extremely powerful and capable of extracting data like calls, photos, and live camera videos of the Victim's phone.

It confirmed that over 300 numbers and people on the list are India-based. The Wire that collaborated with Amnesty International has documented the names and numbers of at least 40 Indian journalists, 14 political figures, 40 activists and lawyers, ten northeastern leaders, and many known personalities. 

One alleviating factor regarding the revelation is that the number in the claimed list necessarily does not mean that the number was hacked. It is claimed by the investigators, with the help of forensic analysis, that total of 37 numbers of human rights activists, well-known journalists, and business-based executives were hacked by the Pegasus Spyware. 

NSO Groups claims it as a tool to track down targeted terrorists and criminals, and it is not meant for mass surveillance, but they prefer to sell the spyware software only to governments around the globe. Pegasus spyware price list released in 2016 states that NSO Groups charged the customers $65,000 to spy on ten devices and took $500,000 as the installation fees.

How Does Pegasus Work?

It does not matter if your device has the latest security system installed. Pegasus is a spyware that is evolving its simple design into a zero-click exploit. Previously, the spyware is built to target potential people with a malicious link. If the user of the device clicks on the link, the software will work to hack it. Since 2016, the technology came to light, collective people's awareness towards the non-reliable links increased, which made the method of Pegasus less effective.

But more recently, the Organized Crime and Corruption Reporting Project (OCCRP) reported the new and developed technology of such spyware, resulting in discovering a zero-click exploitation system. Moreover, people were aware of the scams and exploits. This technology does not rely entirely on potential targets for doing anything in their device for Pegasus to compromise without their knowledge.

The current technology by Pegasus works on exploiting bugs in popular mobile apps like FaceTime and Whatsapp as it can receive data from unknown sources. Pegasus Company focuses on finding vulnerability and then infiltrating the device using a different protocol for the app. It appears that the latest version makes sure not to alert the user. User does not have to pick any call, click on any link, read any short message. A possibility is that they would not even see a call, message, or link. 

Recently, the pattern showed that people received calls from Whatsapp, and the software installed itself on their devices. The user did not get any notification as the call they received was automatically deleted from their machine once the device was under the spyware's control.

How To Detect Pegasus Spyware?

The analyst and researchers at Amnesty International came up with a Mobile Verification Toolkit (MVT) toolkit for users to identify if the spyware system infected their phone or devices. The toolkit specializes in working on both iOS and Android devices. It analyses the data from Android devices and also analyses the records from iOS backups. In addition, their file system dumps to identify some of the potential traces of compromise of the device.

Recently the researchers found more concrete forensic traces from the investigation of iPhones than the Android devices, which confirm more Pegasus infections in iPhones. 

The Amnesty provided the general public with an open-source toolkit available on GitHub. The toolkit is not user-friendly as it functions on the command line, but gaining knowledge from YouTube or the internet will be helpful. 

Conclusion

Famous personalities and influential people like M.K. Venu (The founding editor of The Wire), Rahul Gandhi (The Congress Party Leader), Anil Ambani (Reliance ADAG Chairman), Umar Khalid (Former student of JNU), Ipsa Shatakshi (Activist) were in the list that revealed the Pegasus Scandal.