Recently, Pegasus spyware used WhatsApp servers to infect phones and steal data. Read on to learn more about this spyware…
On October 29, US-based messaging platform WhatsApp took the NSO Group, an Israeli cyber-intelligence technology firm, to court. Pegasus, which is capable of attacking both Android and iOS, has been around for three years and is considered one of the most sophisticated spyware tools on the market.
In the first lawsuit of its kind, WhatsApp has alleged that the NSO Group’s highly sophisticated spyware, Pegasus, infected 1,400 phones in 20 countries, including those of more than 100 human rights activists and journalists. According to Amnesty International, Pegasus has been targeting journalists in Mexico, Saudi dissidents and Amnesty’s own researchers since 2017.
About 40 people in India, most of whom are academics, journalists and activists, have since been identified as victims of this cyberattack.
Modus Operandi
In this particular attack using Pegasus spyware, the Israeli group used sophisticated tools. The hackers created WhatsApp accounts using telephone numbers registered in various countries between January 2018 and May 2019. They used these numbers as launch pads to send malicious code to target devices in April and May 2019.
In the complaint against the hackers, filed in a US court, WhatsApp said that the phone numbers were registered in countries like Cyprus, Israel, Brazil, Indonesia, Sweden, and the Netherlands.
“They leased servers and internet hosting services in different countries, including the United States, in order to connect the target devices to a network of remote servers intended to distribute malware and relay commands to the target devices,” WhatsApp has explained.
Working Mechanism
Pegasus spyware begins work after the user clicks on the infected link sent by the attacker. After an installation process that requires no permission from the user, the spyware begins to contact its control servers, allowing it to gather data from the infected device.
Pegasus gained access to the targets' devices through missed WhatsApp video calls. From then on, it was able to collect personal files such as messages, photos and contacts and share them with the attackers for a 14-day period starting in April this year.
Besides stealing passwords, contacts, messages, calendar information and other private data, Pegasus can also hack into the phone's camera, microphone and GPS location. This time, the spyware exploited a vulnerability in WhatsApp's VoIP (Voice over Internet Protocol) feature, which is used to make video and audio calls.
It is so flexible that it can be customized for different purposes, including intercepting communications, capturing screenshots, and copying browsing history and contacts from the device. Pegasus has been used in the past to take over a target's device simply by getting the user to click on a link packaged as a fake offer.
Damage Control
WhatsApp discovered cyber-attacks on its systems in May and rolled out various fixes and updates. With the help of The Citizen Lab at the University of Toronto, a six-month-long investigation led to the discovery of Pegasus. According to reports, The Citizen Lab then contacted the suspected targets and warned them that their devices might have been compromised.
But most users did not take it seriously. Eventually, WhatsApp contacted these users through a verified account. Meanwhile, WhatsApp users are scrambling to install the latest versions of their phones' operating systems and of the app, as this is the only cited preventive measure against Pegasus.