Pegasus: The Case of the Infamous Spyware

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

The case of the infamous spyware Pegasus has taken the world by storm, with news revealing its unlawful use infringing on many people’s basic human rights. With such remote surveillance now accessible via an infected device, the issue of cybersecurity has grown more pressing than ever. According to sources from throughout the world, NSO Group’s software was used to spy on around 50,000 people, including politicians, businessmen, journalists, and activists. 

Dmitry Galov, a security researcher at Kaspersky’s GReAT, describes the Pegasus spyware’s beginnings and how it differs from vulnerabilities. “Pegasus is a spyware with versions for both iOS and Android devices,” he explains. Even in 2017, the criminal had the ability to “read the victim’s SMS and emails, listen to calls, take screenshots, record keystrokes, and access contacts and browser history, among other things.” To clarify, Galov argues that Pegasus is a sophisticated and costly malware. It was created with the intent of spying on people of particular interest. As a result, the typical user is unlikely to be a target. 

However, the spyware’s sophistication makes it one of the most powerful tools for spying on one’s smartphone. Pegasus has evolved over time to attack a number of zero-day vulnerabilities in Android and iOS. Although it tries to remove its own traces from an infected device, some of them can still be seen under forensic examination. According to Galov, many parties on the darknet can sell and buy malware as well as zero-day vulnerabilities. Vulnerabilities can cost up to $2.5 million – that’s how much the whole chain of Android vulnerabilities was offered for, in 2019.