
Not Just WhatsApp: Pegasus Threat Looms Across Many Platforms

Pegasus can access all Android, BlackBerry, iOS and Symbian based password-protected devices via multiple apps.


Pegasus, the spyware made by Israeli firm NSO Group, was used to hack into the phones of at least 1,400 people globally by exploiting a vulnerability via WhatsApp to get into a user’s device.

Once the spyware is on the device, the phone is as good as unlocked for the attacker, giving them access to all the apps on it. In other words, the attacker has complete control of the phone and can access any app, be it Telegram, Signal, Skype or payment wallets.

The spyware contains code that is capable of spying, collecting data, and reporting back on everything the user does on the device: calls, emails, texts, location, app data, etc. It remotely collects all the information about a target's device, wherever they are.

According to the NSO Group’s own product description manual, the spyware gives the attacker “unlimited” access to the target’s devices.

Target Oblivious to Attack

The installation is entirely concealed and the target will not be aware that software is being installed on their device.

However, such malware is likely to be vulnerable to most commercially available anti-virus and anti-spyware software: it leaves traces and is fairly easily detected on the device by such tools.

Works Across Platforms

Although this particular hack, where about 121 Indians were targeted, happened through WhatsApp, the spyware can trace data from any application on the phone. According to a Lookout report, it can access anything – from logs, mails, passwords, messages, calls and more, from apps including, but not limited to:

  • FaceTime
  • Gmail
  • Facebook
  • Line
  • Mail.Ru
  • Calendar
  • WeChat
  • Surespot
  • Tango
  • WhatsApp
  • Viber
  • Skype
  • Telegram
  • KakaoTalk

Installation

NSO says that installing the spyware is the most sensitive and important phase of the intelligence operation.

Following are the various ways an attacker can install Pegasus on a target:

1. REMOTE INSTALLATION

Over-the-Air (OTA): A push message is remotely and covertly sent to the mobile device. This message triggers the device to download and install the agent. During the entire installation process, no cooperation or engagement of the target is required (e.g., no need to click a link or open a message) and no indication appears on the device.

The installation is totally silent and invisible and cannot be prevented by the target. This is NSO’s uniqueness, which differentiates Pegasus significantly from other spyware.

2. ENHANCED SOCIAL ENGINEERING

Enhanced Social Engineering Message (ESEM): In cases where the OTA installation method is inapplicable, the system operator can choose to send a regular text message (SMS) or an email, luring the target to open it. A single click on the link will result in hidden agent installation.


Following are a few 'benefits' and 'features' of Pegasus:

BENEFITS

  • Unlimited access to target's mobile devices: Remotely and covertly collect information about a target's relationships, location, phone calls, plans and activities – whenever and wherever they are.
  • Intercept calls: Transparently monitor voice and VoIP calls in real-time
  • Bridge intelligence gaps: Collect unique and new types of information (e.g., contacts, files, environmental wiretap, passwords, etc.) to deliver the most accurate and complete intelligence.
  • Handle encrypted content and devices: Overcome encryption, SSL, proprietary protocols and any hurdle introduced by the complex communications world.
  • Application monitoring: Monitor a multitude of applications including Skype, WhatsApp, Viber, Facebook and Blackberry Messenger (BBM).
  • Pinpoint targets: Track targets and get accurate positioning information using GPS.
  • Service provider independence: No cooperation with local Mobile Network Operators (MNO) is needed.
  • Discover virtual identities: Constantly monitor the device without worrying about frequent switching of virtual identities and replacement of SIM cards.
  • Avoid unnecessary risks: Eliminate the need for physical proximity to the target or device at any phase.

FEATURES

  • Penetrates all Android, BlackBerry, iOS and Symbian based devices
  • Accesses password-protected devices
  • Extracts contacts, messages, emails, photos, files, locations, passwords, processes list and more
  • Leaves no trace on the device
  • Self-destruct mechanism in case of exposure risk
  • Retrieves any file from the device for deeper analysis

Unlike other such software, which provides only future monitoring of partial communications, Pegasus allows the extraction of all existing data on the device.

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)
