
Pegasus spyware: Here is everything you need to know

August 2, 2021 | June 9th, 2022

Reports about Pegasus spyware being used by governments around the world to target rights activists, journalists, lawyers and opposition leaders have come to light in the past few weeks, after a list of some 50,000 phone numbers that the spyware targeted was leaked to major news outlets. The leaked list also contained phone numbers of at least 14 current and former heads of state and prime ministers.

According to the reports, those targeted included French President Emmanuel Macron, Iraq’s President Barham Salih and South African President Cyril Ramaphosa. Those targeted also included three current prime ministers: Pakistan’s Imran Khan, Egypt’s Mostafa Madbouly and Morocco’s Saad-Eddine El Othmani.

What is Pegasus spyware?

Pegasus is arguably the most powerful spyware ever developed by a private company. The hacking software is developed, marketed and licensed to governments by NSO Group, an Israeli cybersecurity company that prides itself on being a world-leading provider of precision cyber intelligence solutions to its clients.

With just a single text, Pegasus spyware can bypass your phone security, regardless of whether it is an iPhone or an Android phone, and install itself with full access to all your phone’s capabilities. The spyware can access every message you have ever sent, every message you have ever received, harvest your photos and record your calls.

The spyware can also turn on your microphone to record any conversation you may be having at any time. It can also activate your camera at a moment’s notice, record videos, take pictures secretly, and send them to the organization that the spyware is licensed to without your knowledge.

Pegasus’s use of GPS data to pinpoint the location of targeted phones is second to none. It can reveal details such as where you have been, where you are heading and who you are meeting. Once the spyware has wormed its way into your phone, the surveillance starts without the victim noticing, and all the data is sent out secretly without raising any suspicion.

Evolution of Pegasus spyware

The Pegasus spyware was first discovered by researchers in 2016, when Arab human rights defender Ahmed Mansoor received a text with a link and directions to click on the link to find out about torture sites. Ahmed forwarded the message to researchers at Citizen Lab, a University of Toronto organization deemed by many as the closest thing to the NSA that is available to the public.

After forensic analysis of the text, the Citizen Lab research team discovered that the message was a type of spear-phishing attack, which involves tricking potential victims into clicking malicious links that download malware such as Pegasus and can lead to the compromise of phones and computer systems.

Further research by the Citizen Lab unearthed the Pegasus spyware itself, how it was being used by governments and other institutions to monitor and surveil their targets, and its capabilities on the phone.

The discovery of Pegasus spyware sent the NSO Group to the drawing board, and what came next is the most advanced piece of spyware by a private company known to date. They changed how the spyware operated, by ensuring that it no longer needed human intervention, such as clicking a link sent to a victim’s phone to initiate an attack.

The move by NSO Group from clickable links to “zero-click” attacks removed the need for targets to interact with their devices for the attack to succeed, and ensured that people who were compromised would remain unaware that it had happened to them.

For instance, in 2019, WhatsApp revealed that NSO’s Pegasus spyware had been used to send malware to more than 1,400 phones using their platform. The reports indicated that all the hackers needed was to place a call to the phone, and regardless of whether the targeted victims answered or not, the spyware would find its way onto their phones, infect them and start spying on them.

Reports also show that Pegasus is now exploiting vulnerabilities found in iMessage, giving it access to hundreds of millions of iPhone devices around the world.

In cases where it is impossible to install the Pegasus spyware through spear-phishing or zero-click attacks, NSO promises to install the spyware through a wireless transceiver located near a target. Where a transceiver fails, the company advises its customers to gain physical access to the target’s phone and install the spyware manually.

Why is the Pegasus spyware report relevant to us?

In the current world, we have become attached to our phones, and almost every human interaction can now be carried out using a mobile phone. However, few realize just how sensitive the data on their phone is.

Text messages, such as SMS and WhatsApp chats, emails, photos, videos, recorded calls, GPS data, calendars of our events and contact books may seem unimportant to many, but they are a gold mine for many cybercriminals and rogue governments.

So why should you, as an individual or as a veterinary practice, worry about a technology that is used by governments and seems to target dissidents, lawyers and activists? Well, the truth is, the technology is already in the hands of actual criminals. A recent report by The Guardian showed that the technology was already in the hands of Mexican cartels, which used it to track drug shipments and target their rival gangs.

It is just a matter of time before the technology falls into the hands of someone who will target you as an individual or your veterinary practice, either to extort money by stealing information or to use intel gained from surveillance to gain a competitive edge against you.

The most unfortunate thing about a Pegasus spyware cyberattack is that there is nothing many people can do. You will never know if your phone is compromised, and unless you hire an expert to scan your phone, it is very possible that you may never know that you have become a target.

Cybercriminals may also use the technology to launch ransomware attacks by gaining access to email credentials and network passwords saved on our phones. And based on recent reports of drug cartels using the technology for surveillance, it is now not a question of if cybercriminals will ever gain access to the technology but when they will gain access to the technology and how they are going to use it.