Over the weekend, Pegasus spyware (also known as Q Suite) became one of the hottest topics in the media after The Washington Post and The Guardian published a report on how it was used to hack the cellphones of journalists and activists worldwide. So far we have heard that Pegasus can read text messages, track calls, collect passwords, track the user's location and harvest data from apps, but there is more to understand: what it is, how you can detect it with Amnesty's MVT toolkit, and how to reduce the chance of it being installed on your devices.
What is Pegasus Spyware?
The spyware is named after the mythical winged horse Pegasus: it is a Trojan horse that arrives "through the air" to spy on mobile phones. Developed by the Israeli cyber-arms firm NSO Group, Pegasus installs itself on phones and other devices running most versions of iOS and Android, in many cases without the user's knowledge or any interaction on their part (hence the term "zero-click").
Pegasus was first noticed in 2016 by Ahmed Mansoor, an Arab human rights activist, who became suspicious after receiving unusual text messages. He forwarded them to Citizen Lab, which brought in the security firm Lookout to help investigate the spyware.
Initially Pegasus was believed to target only iPhone users; Apple then released an iOS update that reportedly patched the vulnerabilities the spyware used to break into phones. A year later it was found that Android phones were also affected.
Pegasus gives the attacker access to the smartphone's microphone, camera, messages and email, and lets them collect location data, track calls, harvest passwords and pull data out of apps. Because it runs on the device itself, it can also capture audio and messages that are encrypted in transit, which effectively hands the attacker the entire phone.
What was the NSO’s main motive to build Pegasus Spyware?
According to an Amnesty International report, NSO Group (founded on January 25, 2010) set out with the goal "to develop technology that would provide law enforcement and intelligence agencies with direct remote access to mobile phones and their content – a workaround to the increasingly widespread use of encryption in the digital environment."
NSO Group claims that Pegasus is sold only to government agencies and was developed to fight terrorism and crime. According to reports, Pegasus "can monitor up to 500 phones in a year, but can only track a maximum of 50 at one go and it costs about $7-8 million per year to license."
How does Pegasus Spyware infect phones?
The biggest problem with Pegasus is that the targeted person usually has no idea that their phone has been compromised.
Pegasus reaches a phone in several ways. One is to get the user to click a malicious URL sent to their phone. It has also been installed by exploiting a security bug in the voice-call feature of WhatsApp and similar apps: a single missed call was enough to install the software on the target's phone, after which the malware deleted the call-log entry so that the victim remained unaware.
According to Citizen Lab, once installed, Pegasus can access the victim's "Passwords, contact lists, calendar events, text messages, live voice calls from popular mobile messaging apps, and even encrypted chats."
How does Pegasus Spyware work?
Once Pegasus is installed on the target's device, it loads the modules it needs to read the user's messages and email, listen to calls, capture screenshots, log keystrokes, exfiltrate browser history and contacts, and more. Its keylogging and audio-recording capabilities are how it defeats end-to-end encryption: it does not break the cryptography, it captures outgoing messages before they are encrypted and incoming ones after they have been decrypted on the device, and records calls at the microphone and speaker.
Part of what makes Pegasus so sophisticated is that it is careful to hide itself. It self-destructs if it cannot reach its command-and-control server for more than 60 days, or if it detects that it has landed on the wrong device or the wrong SIM card, which keeps the spying narrowly targeted.
How to prevent Pegasus Spyware from being installed?
Pegasus has now become zero-click spyware: the remote attack needs no interaction from the target, which makes it very hard to defend against. Still, some measures help: keep your smartphone fully up to date, avoid sideloading third-party apps, and avoid installing apps from lesser-known developers.
However, according to Citizen Lab researcher Bill Marczak, Pegasus' zero-click exploits worked on iOS 14.6, which at the time of writing was the most current version, so iPhone owners need to stay extra vigilant.
Fortunately, Amnesty's researchers have released a toolkit, the Mobile Verification Toolkit (MVT), that they say "may help others identify if their phones (both Android and iOS) have been targeted by Pegasus," TechCrunch reports. MVT scans a backup of your phone (on iOS an iTunes/Finder backup or a full filesystem dump; on Android data pulled over adb) for the domain names "used in NSO's infrastructure that might be sent by text message or email." It also lets you scan for potentially malicious applications installed on your device.
As TechCrunch reports, MVT "works on the command line, so it's not a refined and polished user experience and requires some basic knowledge of how to navigate the terminal"; as the project is open source, someone will likely build a user interface for it. Read the project's documentation, and download an up-to-date copy of Amnesty's indicators of compromise (IOCs) from its GitHub page, to scan your phone for signs of Pegasus.
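To make the domain-IOC check concrete, here is an added example (not MVT's or Amnesty's code) of the core logic such a scan performs: it reads domain indicators out of a STIX2-style bundle (the format Amnesty publishes its Pegasus IOCs in), extracts host names from parsed phone records such as SMS bodies and browser history, and reports exact or subdomain matches. Every domain, UUID and record below is a constructed placeholder, not real NSO infrastructure; the record shapes are assumed, not MVT's actual parser output.

```python
"""Indicator-of-compromise (IOC) domain matching in the style of MVT.

Added example, not code from MVT or Amnesty. All domains and records are
CONSTRUCTED placeholders, not real Pegasus infrastructure.
"""
import re

# Constructed STIX2-like bundle: the indicator pattern syntax follows STIX 2.x,
# but the UUIDs and domains are placeholders.
STIX2_SAMPLE = {
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "id": "indicator--22222222-2222-4222-8222-222222222222",
         "pattern_type": "stix", "pattern": "[domain-name:value = 'malicious-example.test']"},
        {"type": "indicator", "id": "indicator--33333333-3333-4333-8333-333333333333",
         "pattern_type": "stix", "pattern": "[domain-name:value = 'tracker-example.test']"},
        # Non-domain indicators (e.g. process names) are ignored by this matcher.
        {"type": "indicator", "id": "indicator--44444444-4444-4444-8444-444444444444",
         "pattern_type": "stix", "pattern": "[process:name = 'placeholderproc']"},
    ],
}

# Constructed records shaped roughly like what a backup parser might yield.
SAMPLE_RECORDS = [
    {"source": "sms", "text": "Your parcel is held: https://news.malicious-example.test/track?id=1"},
    {"source": "sms", "text": "Are we still on for lunch?"},
    {"source": "safari_history", "url": "https://www.example.org/"},
    {"source": "safari_history", "url": "http://tracker-example.test/login"},
    # Suffix trap: shares a trailing string with an IOC but is a different domain.
    {"source": "sms", "text": "see notmalicious-example.test for details"},
]

DOMAIN_PATTERN_RE = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")
# Domain-like tokens: one or more labels followed by a TLD of 2+ letters.
HOST_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\b", re.IGNORECASE)


def load_domain_iocs(bundle):
    """Return the set of domain names from 'domain-name:value' indicators."""
    iocs = set()
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = DOMAIN_PATTERN_RE.fullmatch(obj.get("pattern", "").strip())
        if m:
            iocs.add(m.group(1).lower().rstrip("."))
    return iocs


def match_ioc_domain(host, iocs):
    """Return the matching IOC if host equals it or is a subdomain of it, else None.

    The suffix test is anchored on a dot, so 'notmalicious-example.test'
    does NOT match 'malicious-example.test'.
    """
    host = host.lower().rstrip(".")
    for ioc in iocs:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def extract_hosts(text):
    """Pull domain-like tokens (bare or inside URLs) out of free text."""
    return [m.group(0).lower() for m in HOST_RE.finditer(text)]


def scan_records(records, iocs):
    """Scan every non-'source' field of each record; return one detection per hit."""
    detections = []
    for rec in records:
        text = " ".join(str(v) for k, v in rec.items() if k != "source")
        for host in extract_hosts(text):
            ioc = match_ioc_domain(host, iocs)
            if ioc:
                detections.append({"source": rec["source"], "host": host, "ioc": ioc})
    return detections


if __name__ == "__main__":
    iocs = load_domain_iocs(STIX2_SAMPLE)
    for hit in scan_records(SAMPLE_RECORDS, iocs):
        print(f"[{hit['source']}] {hit['host']} matches IOC {hit['ioc']}")
```

The dot-anchored suffix test is the detail worth copying: a naive `host.endswith(ioc)` would flag `notmalicious-example.test`, a false positive on a lookalike, while still correctly catching real subdomains of an IOC. With the actual tool, the equivalent check over an iOS backup is `mvt-ios check-backup --iocs pegasus.stix2 --output results/ <backup-dir>`, using the current IOC file from Amnesty's repository.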
You can also reduce your exposure by not answering WhatsApp or other VoIP calls from numbers that are not in your contacts, and by not answering calls from unknown numbers on the cellular network either. Avoid opening promotional or login links from unknown senders, as they may deliver malware, Pegasus or otherwise.
If a device is nonetheless infected with Pegasus, the best remedy is to retire the device altogether, switch to a new phone, and change the passwords for every application and service used on the old one. Finally, avoid doing confidential work on a smartphone until this spyware is fully addressed.