Pegasus is a spyware program created by the Israeli cyber arms firm NSO Group that can be installed secretly on phones (and other devices) running most versions of iOS and Android. It’s called after the mythical winged horse Pegasus and it’s a Trojan horse that can be sent “flying through the air” to infect phones.
Pegasus was discovered in August 2018 after an unsuccessful installation attempt on the iPhone of a human rights activist resulted in an investigation that revealed facts about the spyware, its capabilities, and the security weaknesses it exploited. The spyware story got a lot of attention in the media. It was dubbed the “most sophisticated” smartphone attack ever, and it was the first time a malicious remote exploit using jailbreak to acquire unrestricted access to an iPhone was discovered.
Pegasus was still being utilized against high-profile targets in July 2021, according to broad media coverage of the Project Pegasus revelations and an in-depth study by human rights organization Amnesty International. Pegasus was able to infect all modern iOS versions up to the most recent update, iOS 14.6, using a zero-click iMessage attack, according to the report.
According to the revelations from Project Pegasus 2021, the new Pegasus program can exploit all recent iOS versions up to iOS 14.6. Pegasus could read text messages, track calls, gather passwords, track position, access the target device’s microphone and camera, and harvest information from apps as of 2016.
How to check if your smartphone is infected with Pegasus spyware?
Though Apple claims to be secure and everything, Pegasus can easily break into the smartphone.
If you want to look for spyware on your iOS device, the first step is to search the toolkit and use it to scan your device for symptoms of malware. To do so, go to this GitHub URL and get Amnesty’s IOCs.
Because the toolkit is based on the command line, having some coding experience may be advantageous.
Simply run the lines of code, and the software will begin looking for signs of compromise. The scan findings should be shown in a folder within a few minutes.
On Android, the procedure is similar; simply run the command line as indicated above, and the details should appear in no time.
Because the process on Android is a little more involved, the software on Android works a little differently. It searches for backups of text messages that contain links to NSO’s domains. In addition, the toolkit scans for harmful APKs or programs on your smartphone.
You can also run a scan to see whether your device has any malicious applications installed.
How to install and download Pegasus spyware?
Pegasus spyware is modern spying software in and of itself. It can also be installed on the phone without having to press any buttons. Not only that, but it may also get into your phone using WhatsApp’s missed call feature.
Some of Pegasus’ exploits are zero-click, meaning they can operate without the victim’s involvement. Pegasus has been said to be able to run arbitrary code, harvest contacts, call logs, messages, images, web browsing history, settings, and gather information from apps such as iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, and Skype once it has been installed.
According to an India Today article, spyware such as Pegasus infiltrated the phone via text messages and photos. However, it may now only be installed on the phone via a WhatsApp missed call. Pegasus, for example, is zero-click spyware. That is, it will be installed on the phone even if you do not click on any links or messages.
Pegasus may be remotely controlled once it has been installed on the phone. Additionally, the data on the phone may be accessed quickly. He can also transfer passwords and other data, such as login information, through this method. This malware has the ability to record SMS, collect contact information, call history, e-mail history, and web surfing history.
If Pegasus is unable to interact with its command-and-control server for more than 60 days, or if it is on the wrong device, it hides as much as possible and self-destructs in an attempt to destroy evidence. This is something Pegasus can do on-demand as well.
What is the cost of using Pegasus?
Pegasus spyware is offered under a license, and the cost is determined by the terms of the contract. Let us inform you that a contract can cost up to 70 lakh rupees. A single contract can track multiple phones.
Uses of Pegasus Spyware
Used by India
Facebook filed a lawsuit against NSO in late 2019, alleging that Pegasus was used to intercept the WhatsApp communications of a number of activists, journalists, and bureaucrats in India, leading to claims that the Indian government was involved.
In 2021, Project Pegasus purportedly discovered the phone numbers of Indian ministries, opposition leaders, ex-election commissioners, and journalists on a database of NSO hacking targets.
Independent digital forensic investigation of 10 Indian phones whose numbers were found in the data revealed indicators of a Pegasus hack attempt or success. The forensic examination revealed that there are sequential links between the time and date a phone number is added to the list and the start of surveillance. The time difference is usually between a few minutes and a few hours.
11 phone numbers linked to a female Supreme Court employee and her family, who accused former Chief Justice of India Ranjan Gogoi of sexual harassment, were purportedly discovered on a database, indicating the likelihood of their phones being spied.
Records also show that the phone numbers of some of Karnataka’s top political figures were chosen during the time of an intense power struggle between the Bharatiya Janata Party and the state government led by the Janata Dal (Secular)-Congress in 2019.
According to reports, Pegasus was used by the Indian government to spy on Pakistan Prime Minister Imran Khan and officials from Iran, Afghanistan, China, Nepal, and Saudi Arabia.
Used By Saudi Arabia
Pegasus software, which is sold to foreign governments under a license from the Israeli government, aided Saudi Arabia in spying on Jamal Kashoggi, who was ultimately assassinated in Turkey.
Pegasus was also used to spy on Jeff Bezos after Saudi Arabia’s crown prince, Mohammed bin Salman, exchanged conversations with him that exploited previously unknown WhatsApp vulnerabilities.
Used by Mexican drug cartels
Pegasus has been used to target and threaten Mexican journalists by drug cartels and cartel-connected government players, reversing its intended application against criminals.