Today we are living in a digitally advanced era but no one can neglect the fact that over the years the incidents of cyber‐attacks like phishing, vishing and malware attacks including trojans, spyware, etc. are increasing exponentially and in fact, they became menace in some of the cases. You would have heard about the Pegasus spyware which has become very popular term recently.
Do you know about it? If you don’t know yet then no worries because here in this article, we are going to talk about the key aspects of the Pegasus spyware. But before that, we must know what a spyware is?
Spyware is a malware or a software with malicious behavior that is designed to enter your computer device in order to damage your system or steal the sensitive data and send it to the third party without your consent.
What is a Pegasus spyware?
It is a spyware developed by the Israeli NSO Group which can be covertly installed on mobile phone running most versions of iOS and Android and is probably the most powerful spyware developed till date.
It was in the August of 2016 when the news of the Pegasus took significant coverage for the first time when an Arab activist got sophisticated after getting a shady message. This was the most sophisticated smartphone attack ever. Several days after it was discovered, Apple had updated its version of iOS, which patched the security loopholes that was used for hacking. This version of Pegasus used spear‐phishing‐ emails or messages containing a malicious links were sent to the target.
In July 2021, Amnesty International (human rights group) revealed that Pegasus was still being used against the high‐profile targets like government officials, journalists. This time Pegasus was able to infect all modern iOS versions up to iOS 14.6 through zero‐click, which requires no action from the victim’s end‐ means even the most advanced user can be the victim to unprecedented cyber‐attacks. A zero‐click attack exploits a flaw or bug in the device you are using‐ be it Android or iOS, and Windows or macOS, which makes use of a data verification loopholes (about which the manufacturerdoesn’t even know yet and hence has not been able to fix) to work in your system.
In 2019, WhatsApp revealed that software made by the NSO was being used to send the malware to more than 14,000 phones by exploiting a zero‐day vulnerability, triggered by a WhatsApp call. The malicious Pegasus code could be installed in the system even if the target didn’t answer the call. The missed call trick exploited a flaw in the source code frame work of the WhatsApp and this allowed the hacker to load the spyware in the data exchange caused between two devices due to the missed call. Once loaded, the spyware would automatically enable itself as a background resource, embedded deep inside your device’s software framework.
Also read : cyber‐attacks
- It works according to the zero‐click. The target need not to give any input to make the malware work, it only takes a missed call, message, or iMessage for initiation. And after entering the device, it completes the task.
- Once a Pegasus spyware is installed in someone’s phone, it attacks the device so seamlessly that even is almost impossible for the user to detect whether they have been hacked, making it even more dangerous.
- It is self‐destructing in nature. For example‐ Suppose the spyware was installed in your device for let’s say one week’s time then after the completion of task in its scheduled time, it will be self‐destroyed. And even if it is not able to communicate to its command center, then it automatically settles.
- It provides complete access. It can do more than what you can do on your device. When your system is compromised, it is done in such a way that allows the attacker to obtain the root privileges on the device. It can start your device’s mic or camera anytime.
Can you be the next victim?
NSO has created the Pegasus Spyware to help government, law enforcement agencies prevent and investigate terrorism and crime to save the lives across the globe and not for mass surveillance. Also, this is very expensive, it carries a high price tag averaging at over $25,000 per target, so practically it is not feasible for the government agencies to use it without any justified reason. And a normal person needs a license for it and the process for buying it is also very complicated. So, you can consider yourself safe.
Also, Apple itself has called such attacks “highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals”.
How to Prevent Spyware?
We can keep in mind the below‐mentioned points to prevent ourself from spywares
- Keep your software and other apps on your device updated because if there would be any vulnerability in it then it will be updated immediately. Also, outdated software is vulnerable to hackers and cyber criminals.
- Do not use public WIFI services as hackers can use an unsecured Wi‐Fi connection to distribute malware. Sharing any file across the network allows hackers to easily plant the infected software on your system.
- Do not install the applications from unknown sources as you don’t have any idea what is getting in your device. Allow it only when you know hat it will do to your device.
- Only open those messages or links which are sent by your trusted contacts.
I am not saying that following the above points will make you completely safe from spywares – but of course it will reduce the risk to a great extent!
The Pegasus spyware, developed by the NSO group has targeted globally more than 50,000 phone numbers for surveillance. How many more people will be targeted and who will be targeted we don’t know. For the time, it can be said that if you are a normal person then you are probably safe to some extent.