Pegasus is a highly sophisticated malware that uses strong encryption to evade detection by conventional security tools.
The malware self-destructs if the communication with its command-and-control (C&C) server is severed for more than 60 days or if it detects that it was installed on the wrong device with the wrong SIM card.
The software was developed by the Israeli company NSO Group and sold to government clients.
Among the reported targets of the spyware are journalists, politicians, government officials, chief executives and human rights activists.
Pegasus turns the phone into a 24-hour surveillance device.
According to cybersecurity company Kaspersky, Pegasus is modular malware. After scanning the target’s device, it installs the modules it needs to read the user’s messages and mail, listen to calls, capture screenshots, log keystrokes, exfiltrate browser history, contacts, and so on. In short, it can spy on every aspect of the target’s life.
The spyware can activate cameras or microphones to capture fresh images and recordings without the user’s permission or knowledge. It can listen to calls and voicemails and collect location data, past and present, including whether the target is stationary or moving. Pegasus can even listen to encrypted audio streams and read encrypted messages, including those from WhatsApp and Signal, since it captures the data before it is encrypted.
How Pegasus allegedly hacks phones
The earliest version of Pegasus used a spear-phishing attack to infect phones with malware. It all starts with a website URL sent to a user via SMS, email, social media, etc. A single click on the link is enough: the device is remotely jailbroken and the surveillance software packages are installed. While a certain level of awareness can help prevent such attacks, NSO’s attack capabilities have become more subtle over the years, making the spyware more potent and almost impossible to detect or stop.
Pegasus infections can also be achieved via so-called “zero-click” attacks that do not require any interaction from the phone’s owner. It means that your phone could still be hacked even if you’re careful not to click on those malicious links. Most of these attacks exploit vulnerabilities in an operating system that the phone’s manufacturer may not yet know about and so has not been able to fix.
An example of such an attack was revealed by WhatsApp in May 2019 when the spyware targeted a vulnerability in its VoIP stack. Simply by placing a WhatsApp call to a target device, Pegasus could be installed on the phone, irrespective of whether the target answered the call or not.
Pegasus for Android, on the other hand, uses a popular rooting method called Framaroot. If the malware fails to obtain the root access it needs to install the surveillance software, this method lets it fall back to asking the user directly for permissions so that it can still steal some data.
And where neither spear-phishing nor zero-click attacks succeed, Pegasus can also be installed over a wireless transceiver located near a target, or even injected manually after stealing the target’s phone.
Apple promotes iPhones as offering better privacy and security than rivals, but they are still vulnerable to “zero-click” attacks, Amnesty International said in a report. The report detailed that the Israeli firm NSO Group infected several models of iPhones over the years, adapting as Apple fixed each security bug. In 2019, the group exploited a vulnerability in Apple Photos, followed by an iMessage zero-click, and later Apple Music in 2020.
