Pegasus spyware has been trending in the news for a few days, raising many concerns among ordinary people regarding their safety. However, many things remain unknown, and not all of the news released by sources can be trusted. Today’s article covers the top facts about Pegasus Spyware and all you need to know about it. Read on to learn more.
Please note that this article focuses solely on the technical aspects of the spyware and is written to suit everyone reading it. It does not follow or comment on any of the controversial news revolving around the Pegasus Spyware.
What is Spyware?
Spyware belongs to a family of malware that is capable of exfiltrating sensitive information. This malicious code exists in the form of adware, web trackers, and trojans that intrude past the device’s security measures. They ‘spy’ on the victim’s activity on the device where they’re installed and send it to servers, and so indirectly to the group that runs these campaigns.
What is Pegasus Spyware?
Pegasus is spyware developed by an Israeli organization called NSO. This particular spyware is exceptionally expensive and is owned by the government to spy on and investigate cybercrime and terrorism-based activities. It first came into the news back in 2016, and it remains an issue of concern for the privacy rights of everyday people.
What does the Pegasus Spyware do?
- The Pegasus Spyware is known to be distributed via suspicious links. If, for example, someone sends the victim a link containing the spyware and the victim clicks on it, then the device becomes infected.
- This spyware is also known to exploit known vulnerabilities within the device and can install backdoors. A backdoor gives the threat actors further easy access to the system, bypassing authentication.
- Further, as the spyware runs, it secretly sends data to the organizations that initiated it. The data being secretly stolen includes logs of calls, emails, social media, contacts, browsing, and media.
- Along with this, the spyware is capable of listening in by turning on the microphone, recording by turning on the camera, entering computer devices, and tracking users with GPS.
Statistical Figures revolving around the Pegasus Spyware
- The Pegasus Spyware is developed by NSO Group, which trades this software only to government organizations, primarily for tracking criminal activities.
- The license cost and installation fee for this software are around 70 lakh INR and $500,000, respectively.
- Apart from that, there is an annual maintenance fee, which is 17% of certain included costs.
- As known from other open sources, the minimum cost to spy on ten devices is around $650,000.
- There are 106 indicators of compromise (known as IOCs) associated with Pegasus that were added and updated in 2021.
- Additional indicators of compromise are updated on Amnesty’s GitHub page, where they are sorted by country, attacks, hosting providers, files, domains, and many more.
What to do if Pegasus Spyware hacks you?
If you notice your devices behaving suspiciously and suspect that this spyware has infected them, there is a way to check. We suggest you go through a few tutorials provided by Amnesty for their tool. Amnesty is an NGO that works actively towards human rights and has constantly been working to share unknown facts about this spyware.
This tool, called Mobile Verification Toolkit (MVT), is a forensic tool that uses a known list of Pegasus IOCs to verify the infection.
It provides commands for operating systems like Android, iOS, Mac, and Linux distributions. These commands are:
- check-backup: For extraction from iTunes backup
- check-fs: For extraction from the filesystem
- check-iocs: To check for known IOCs in the device
- decrypt-backup: To perform decryption of iTunes backup
- check-backup: For checking of Android backup
- download-apks: For downloading APKs
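The kind of check an IOC-based tool performs, shown as an added example (not MVT's own code and not part of the original article): it pulls domain indicators out of a STIX2-style bundle and compares them with URLs from a browsing history. The bundle, domains and history rows are constructed placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed STIX2-style bundle; the domains are placeholders, not real IOCs.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "malware", "name": "ExampleSpyware"},
    {"type": "indicator", "pattern": "[domain-name:value='bad-redirect.example']"},
    {"type": "indicator", "pattern": "[domain-name:value='cdn.tracker.example']"},
    {"type": "indicator", "pattern": "[file:name='sample-process']"},
]}

# Constructed browsing-history rows (timestamp, URL), as pulled from a backup.
SAMPLE_HISTORY = [
    ("2021-07-01T10:02:11", "https://news.example.org/story"),
    ("2021-07-01T10:02:15", "https://a1b2.bad-redirect.example/x?id=9"),
    ("2021-07-02T08:40:00", "http://CDN.tracker.example:8080/p"),
    ("2021-07-02T08:41:00", "https://notbad-redirect.example/"),
]

DOMAIN_RE = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")

def load_domain_iocs(bundle):
    """Return the lower-cased domains named by domain-name indicators."""
    domains = set()
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue  # skip malware/relationship objects
        m = DOMAIN_RE.search(obj.get("pattern", ""))
        if m:  # non-domain indicators (files, processes) are ignored here
            domains.add(m.group(1).lower())
    return domains

def match_history(history, iocs):
    """Flag rows whose host equals an IOC domain or is a subdomain of one."""
    hits = []
    for ts, url in history:
        host = (urlsplit(url).hostname or "").lower()
        labels = host.split(".")
        # Compare on label boundaries so 'notbad-redirect.example' is not a hit.
        suffixes = {".".join(labels[i:]) for i in range(len(labels))}
        matched = suffixes & iocs
        if matched:
            hits.append((ts, host, sorted(matched)[0]))
    return hits

if __name__ == "__main__":
    for hit in match_history(SAMPLE_HISTORY, load_domain_iocs(SAMPLE_BUNDLE)):
        print(hit)
```

A hit is a lead for further forensic review rather than proof of infection, and an empty result only means none of the listed indicators were seen.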
Mitigations to avoid the Pegasus Spyware
Now that we’ve read all the facts about the Pegasus Spyware, here are some mitigation techniques that you can use to safeguard yourself.
- Since this spyware spreads through spear-phishing, we recommend not clicking on links or downloading anything from unknown sources or strangers.
- Installing robust security technologies such as firewalls and antivirus can help detect malicious activity on the system so that it can be effectively remediated.
- The spyware also exploits known vulnerabilities, but security patches for these are released frequently. Regular system updates can minimize the possibility of being affected by the spyware.
- Apart from that, maintaining habits that improve device security is always recommended, such as frequent password updates, strong password policies, and not writing passwords down anywhere.
- Avoid installing third-party software just because it is free, especially when it is not well reputed in terms of security. Also, refrain from using cracked versions of software.
Towards the conclusion
As we conclude the topic of top facts about the Pegasus Spyware, the question that you might still have is, ‘How worried should I be about this entire issue?’
Since the cost of exfiltrating information from any set of devices is a lot for the government, it is possible that common people are not on their target list. The specific set of activities that the government tracks might not apply to everyday people.
However, this spyware might be on your device without you even knowing it, which is scary. So it’s better to always maintain the precautions that keep your devices secure and reduce the risk of infection.
This article has been written by Rishika Desai, a B.Tech Computer Engineering graduate with 9.57 CGPA from Vishwakarma Institute of Information Technology (VIIT), Pune. She currently works as a Threat Intelligence Researcher at CloudSEK. She is a good dancer, poet and writer. Animal love engulfs her heart and content writing comprises her present. You can follow Rishika on Twitter at @ich_rish99.