PEGASUS – Revealed
The ultimate spyware
In this post:
- What is Pegasus?
- Injected via WhatsApp
- How to prevent these attacks?
- Media reports
What is PEGASUS?
Pegasus is highly malicious spyware that can be covertly installed on mobile phones running versions of both iOS and Android. Unlike previous-generation payloads and malware, it doesn’t require any permission. Once installed, it roots or jailbreaks the device and escalates its privileges to root. With root privilege, the attacker gains access to the entire phone. According to the Washington Post and other prominent media sources, Pegasus not only enables keystroke monitoring of all communication from a phone (texts, emails, web searches), but also enables phone call and location tracking, while permitting NSO Group to hijack both the phone’s microphone and camera, turning it into a constant surveillance device.
Pegasus was developed by the Israeli cyber-arms firm NSO Group. The company released a statement that Pegasus was developed and sold for monitoring and spying on terrorist organizations, but researchers reported that the Pegasus malware was available on the dark web’s black market. According to several reports, software created by NSO Group was used in targeted attacks against human rights activists and journalists in various countries.
“Security is always excessive until it’s not enough.” – Robbie Sinclair
WHATSAPP THE ATTACKING PLATFORM OF PEGASUS
Are you a user of WhatsApp? Beware that a serious vulnerability in the application has been exploited. The flaw allowed hackers to compromise devices using a form of advanced spyware developed by the Israeli company NSO Group.
WhatsApp officially announced that its application was hacked by NSO Group and filed a case against the organization. On the same day, it released a patched update. The vulnerability is described as a buffer overflow (binary exploitation) in the WhatsApp VoIP stack. It allowed remote code execution via a specially crafted series of SRTCP packets sent to a target phone number.
This vulnerability affects WhatsApp for Android prior to v2.19.134 and WhatsApp for iOS prior to v2.19.51. Apparently, CVE-2019-3568 was discovered earlier this month while the company was making security improvements.
Exploitation of the flaw worked by calling a vulnerable iPhone or Android device via the WhatsApp calling function. It should be mentioned that the calls didn’t need to be answered and often disappeared from logs. Fortunately, the flaw was supposedly fixed.
How to prevent these attacks?
First of all, we are not responsible for any of this: it is not a client-side attack but a security flaw the company failed to patch. The attackers exploited a zero-day, so there is nothing we can do. The only hope is to wait for the patched updates.
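Once the patched release is out, the practical check is whether each device actually runs it. The following is an added example, not part of the original post: it triages a device inventory against the two fixed versions quoted above for CVE-2019-3568. The inventory format, device names and function names are assumptions made for illustration.

```python
# Added example: triage a device inventory against the fixed WhatsApp versions
# quoted on this page for CVE-2019-3568. Inventory rows are constructed sample data.
import csv
import io

# First fixed versions as stated on this page (only these two platforms).
FIXED = {"android": (2, 19, 134), "ios": (2, 19, 51)}

# Constructed sample inventory (hypothetical MDM export: device, platform, version).
SAMPLE_INVENTORY = """device,platform,whatsapp_version
phone-01,Android,2.19.98
phone-02,Android,2.19.134
phone-03,iOS,2.19.51
phone-04,iOS,2.19.9
phone-05,Android,v2.19.150
phone-06,KaiOS,2.19.10
phone-07,iOS,unknown
"""


def parse_version(text):
    """Turn '2.19.134' or 'v2.19.134' into (2, 19, 134); None if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(platform, version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # do not guess: flag the device for manual review
    # Tuples compare numerically per component, so 2.19.98 < 2.19.134,
    # which a plain string comparison would get wrong.
    return "vulnerable" if version < fixed else "patched"


def triage(inventory_csv):
    """Map each device name to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["device"]: classify(r["platform"], r["whatsapp_version"]) for r in rows}


if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as unknown (an unlisted platform or an unreadable version string) need a manual check rather than being assumed safe.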
MEDIA REPORTS
The Guardian and the Washington Post report that this spyware has infected more than 50 million mobiles globally. The organization targets journalists, politicians, and human rights activists. The reports describe a list of targeted numbers that includes our Telecom Minister of India, Mr. Rajiv Gandhi and Priyanka Gandhi.
Various teams of reverse engineers and malware analysts are working to decode this spyware and analyze its signature to make anti-virus patches. This incident raises the question: “Is privacy an illusion?”
“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” – Stéphane Nappo