Submitted by James Azar on Wed, 09/26/2018 - 16:20
Are you being watched?

Maybe.

Pegasus, a potent cell phone spyware program, previously known to have infected both Android and iPhone, is now believed to be present in over 45 countries.

Citizen Lab reported finding 36 Pegasus operators in 45 countries, 10 of which are involved in cross-border espionage. Citizen Lab further suggested that some of these countries are known to use spyware to target private citizens; these have formerly included animal rights activists.

Developed by NSO Group, an Israeli-led cyber security service known for its advanced surveillance tools capable of remote, highly targeted hacking of both iPhones and Android phones, Pegasus is the spyware to be reckoned with.

What is Spyware? 

Spyware is covert malware that gathers data from the user, rather than seeking to destroy an operating system or hijack a system for a straightforward ransom. By infiltrating a PC or mobile device, this malicious software gathers information about the user.

Being aware of spyware.

The use of spyware falls into a few key categories:

1. Password stealers are simple applications intended to harvest passwords. The infected computer will have a variety of password logins for various purposes, and hackers can use these at a later date or access private accounts with the gathered information.

2. Banking Trojans target authorizations for banking, digital wallets and financial institutions. They typically modify web pages or transaction information through weak browser security.

3. Infostealers inspect the user's computer for data, such as passwords, email, history, log files, system data, documents and spreadsheets.

4. Keyloggers monitor keystrokes, websites searched and visited, and online chat and communication. They collect this data through screenshots or through audio and video surveillance at predetermined times.

How is it deployed? 

Spyware can attach itself to an operating system or a user can inadvertently give permission for the spyware to install.

Security weaknesses 

Spyware can be deployed by connecting to an unfamiliar link or email attachment which downloads and "executes" the program. This could also be triggered through an exchange of documents or software (even through music files).

Marketing software

Spyware is often concealed in the guise of a useful software tool, so concerned citizens should be very alarmed about new download managers and internet accelerators. This is classic spyware bait for unsuspecting victims.

A spin-off of this is, of course, free software, or freeware. Except nothing comes for free, and if your sense of cynicism didn't get the better of you and you downloaded the freebie, hidden within the free software could be an add-on or plugin digging its hooks into your data.

Mobile device spyware

Both Mac and Android devices can be infected when you install an app with malicious code; however, Pegasus is more robust because of the way it infects a mobile device.

Say hello to the spyware powerhouse, Pegasus. 

This spyware installs itself in the core of the operating system, which gives espionage services the opportunity to intercept conversations before encryption. This system will render 'end-to-end' encryption, for example through WhatsApp or Telegram, useless. Although Apple issued a security update to prevent Pegasus from infecting iPhones, those with the spyware already installed, with or without their knowledge, are unable to fight it.

Pegasus, like other cyber espionage weapons, is on sale to the highest bidders, which come in the form of oppressive state-run organizations, explaining the massive spread of this spyware.

When we reflect on how much information we store in our phones or communicate via our phones, the potential of Pegasus information gathering is shocking, and useful if you are the one deploying the spyware. Whilst espionage is nothing new, the availability of Pegasus to rogue states or players should have us all concerned about its commercial availability.