Pegasus spyware is a surveillance software created by Israeli cyber intelligence firm NSO Group. Pegasus is one such software that is created to gain access to your phone without consent and gather personal and sensitive information and deliver it to the user that is spying on you.
List of targets included journalists working for organisations including The Associated Press, Reuters, CNN, The Wall Street Journal, and India’s The Wire, among many others.
Some political figures including Rahul Gandhi of the Indian National Congress and political strategist Prashant Kishore were also recently claim to be a part of the targets.
What can Pegasus Spyware do?
According to Kaspersky :
Pegasus spyware is able to read the victim’s SMS messages and emails, listen to calls, take screenshots, record keystrokes, and access contacts and browser history.
A hacker can hijack the phone’s microphone and camera, turning it into a real-time surveillance device.
Pegasus spyware is also worth noting that Pegasus is a rather complex and expensive malware and design to spy on individuals of particular interest.
When was Pegasus Spyware First Discovered?
Pegasus spyware was first discovered in an iOS version in 2016 and then a slightly different version was found on Android.
One of the main infection schemes was via an SMS.
The victim got an SMS with a link.
If the person clicks on it then their device gets infected with the spyware.
How does Pegasus Spyware Infect a Phone?
The Organized Crime and Corruption Reporting Project (OCCRP) reports that eventually as the public became more aware of these tactics and were better able to spot malicious spam, zero-click exploit solution was discovered.
This method does not rely on the target doing anything at all in order for Pegasus Spyware to compromise their device.
Zero-click exploits rely on bugs in popular apps like iMessage, WhatsApp, and FaceTime, which all receive and sort data, sometimes from unknown sources.
When a vulnerability is found Pegasus Spyware can infiltrate a device using the protocol of the app.
The user does not have to click on a link, read a message, or answer a call they may not even see a missed call or message.
OCCRP reports another method called “network injections” to quietly access a target’s device.
A target’s Web browsing can leave them open to attack without the need for them to click on a specifically-designed malicious link.
This approach involves waiting for the target to visit a website that is not fully secured during their normal online activity.
When they click on a link to an unprotected site, the NSO Group’s software can access the phone and trigger an infection.
Pegasus Spyware Signs Can Be Detected on Your Phone Using This Dedicated Tool
Researchers at Amnesty International have develop a tool to check if your phone has been targeted by the spyware.
The Mobile Verification Toolkit (MVT) aims to help with identifying if Pegasus Spyware has infected your device.
Mobile Verification Toolkit (MVT) works on both Android and iOS devices.
MVT may receive a graphical user interface (GUI) over time.
Mobile Verification Toolkit (MVT) the tool is aim to help you identify if the Pegasus spyware has targeted your phone.
The researchers noted that it is easier to find the signs of compromise on iPhone handsets over an Android device due to more forensic traces available on the Apple hardware.
Users need to generate a backup of their data to let MVT decrypt locally stored files on their phone to look for Pegasus indicators.
In case of a jailbreak iPhone, a full filesystem dump can also be use for the analysis.
Mobile Verification Toolkit requires some command line knowledge.
Mobile Verification Toolkit receive a graphical user interface (GUI) over time.
The Mobile Verification Toolkit code is also open source and is available along with its detailed documentation through GitHub. CLICK HERE TO READ.
When a backup is created then MVT uses known indicators such as domain names and binaries to look for traces related to NSO’s Pegasus.
The Mobile Verification Toolkit is also capable of decrypting iOS backups if they are encrypted.
Mobile Verification Toolkit extracts installed apps and diagnostic information from Android devices to analyse data for any potential compromise.
Mobile Verification Toolkit requires at least Python 3.6 to run on a system.
If you are using a Mac Mobile Verification Toolkit also needs to have Xcode and Homebrew installed.
You also need to install dependencies if you want to look for forensic traces on an Android device.
After you are done with the installation of Mobile Verification Toolkit on your system then you need to feed in Amnesty’s indicators of compromise (IOCs) that are available on GitHub.
THANK YOU FOR READING.
