
Pegasus – The Threatening Spyware Installed on Mobile Phones

By Geetha R 

Today everything is digital: Alexa, Siri and Google switch your devices on and off, IoT is trending, CCTV is everywhere for surveillance, your GPS constantly gives your geolocation to network service providers, and cookies help you see whatever you search for. The same technology can also be harmful: download corrupt software and your privacy is compromised; get a virus on your phone and your data is lost; get spyware or ransomware on your mobile device and your data is leaked, with someone else in control of it.

Today we are discussing the world’s strongest cyber-espionage spyware, “Pegasus”, developed by the NSO Group of Israel. The spyware is so strong that, once it is downloaded on your phone, it can record audio through the mic and even get into your camera to snap pictures. It can read the GPS and push out the geolocation coordinates, giving your live location to the bad actor.

The spyware is multi-functional. It can record and grab screen images of whatever content is being displayed. It can enter all the applications downloaded on your device and read events, SMS, and instant-messenger messages. It doesn’t stop there: it can also read your mail, contact lists, and dialing history, and record calls with specific contacts. It can also retrieve deleted files from the device and take a sneak peek at your browsing history from all the browsers on your phone. If you think it only takes records already present on your phone, you might be shocked to learn that Pegasus can turn into a key logger too. That means anything you type and delete on the phone before sending it to anybody, such as basic grammatical and spelling errors, is recorded; every touch, even the slightest tap on the screen, gets registered by the spyware and sent to the bad actor. Even the encryption on your phone can’t protect the device from the key logger, because the bad actor is viewing your screen directly, as a user would.

So why is Pegasus gaining so much traction?

In Greek mythology, Pegasus was a winged stallion, famous for the inspiration he gives to artists and the power he gives to heroes. He has enjoyed huge popularity since he first appeared in Greek mythology, and he continues to challenge our imaginations today. In today’s world, Pegasus the spyware helps in cyber-espionage. Recent studies show that Pegasus is used as a monitoring tool and that high-profile government ministers, officers, human rights activists, reporters, opposition leaders, and even heads of state are targeted. Pegasus is designed to break into the target’s device, collect all of their data, and transfer it to the source, the bad actors, via encrypted routes. The bad actors may be cybercriminals looking for monetary gain or a group of people backed by nation-states who are investigating loopholes and planned activities. The latter are known as Advanced Persistent Threats (APTs). APTs have a high level of sophistication, resources, and planning.

Governments of many countries, including Israel, India, Morocco, Hungary, Rwanda, Saudi Arabia, UAE, Azerbaijan, Bahrain, Kazakhstan, Spain, and Mexico, have been identified in the data leak as using Pegasus, whereas many other state governments are yet to give statements on these reports. Amnesty International has stated that Pegasus was used against the family members of Jamal Khashoggi, the slain Saudi journalist, before and after his murder. An interdisciplinary laboratory based at the University of Toronto confirmed that Jamal’s phone was also targeted with Pegasus and was exploited to get information on his conversations and locations. Over that time, journalists from almost 20 countries have been identified as upcoming targets for the spyware.

How does it work?

Pegasus exploits undiscovered vulnerabilities, or bugs, in a device’s OS, be that Windows, Android, or iOS. This means a device could be infected even if it has the latest security patch installed.

An older version of the spyware infected smartphones using a method called “spear-phishing”: a malicious link was sent to the target via text message or email, and the spyware was activated when the target clicked the link.

[Image: Pegasus, how it works]

Source: https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones

In 2019, Pegasus could exploit a device with a missed call on WhatsApp and even delete the record of the missed call. This makes it more dangerous, because the user cannot tell that they have been targeted and that their security is compromised. In May that year, WhatsApp confessed that Pegasus had exploited a bug in its application code and, as a result, infected more than 1,400 Android and Apple smartphones in this fashion, including phones of government officials, journalists, and human rights activists. Once it understood the issue, WhatsApp soon fixed the bug.

Pegasus is known for exploiting bugs in iMessage, which gives it backdoor access to millions of iPhones. The spyware can also exploit your phone over a wireless transceiver (radio transmitter and receiver) located near a target.

Prevention & Mitigation

It is challenging to detect Pegasus on your device once it has infected the system. But you can use tools such as the Mobile Verification Toolkit (MVT) from Amnesty International, which can decrypt your backups, process and parse records from systems, and generate logs, among other things, to identify a potential infection or compromise and alert you to the threat.

But as we all know, prevention is the best defense. Here are a few actions to keep in mind to protect your devices from Pegasus.

  • Open links only from trusted sources.
  • If you need to check a link, make sure you are using a reputable search engine like Google or MSN and follow the link shown in the search results.
  • Keep your browser’s security settings on, as browsers can sometimes detect malicious links and alert you.
  • If you identify the spyware on your phone, disconnect the device from the network, remove the SIM card, and switch the device off to prevent further spread.
  • Contact your IT support or device service center immediately if you spot something amiss on any of your devices.
  • Keep your antivirus up to date and make sure it comes from a reputable security organization for your device.
  • Be vigilant about any new services or applications that have come up on your device.
  • Do not delay updating your device with the latest software patch released by the OEM (Original Equipment Manufacturer).

If you suspect a Pegasus or any other spyware attack, Amnesty has published Indicators of Compromise (IOCs) on its GitHub page. A potential compromise on the phone can be easily identified by running tools like MVT with the STIX2-formatted IOCs.


© 2024 WeSecureApp. All rights reserved.
