Although Pegasus is back in the news over the alleged spying on Catalan pro-independence politicians, it is not new. In fact, this spyware was already linked to another hack, of the cell phone of the former president of the Parliament of Catalonia, Roger Torrent, two years ago. And it was a real scandal when 17 international media outlets discovered that the software was used to monitor 37 smartphones belonging to human rights activists and journalists.
In July 2021, a research initiative called the Pegasus Project, along with an in-depth analysis by the human rights group Amnesty International, found that Pegasus was used extensively against high-profile targets around the world.
To this day, the total number of people affected by Pegasus, victims of espionage by their own or foreign governments, may have been more than 1,000 in more than 50 countries, according to the BBC. And there is a list of some 50,000 phone numbers, believed to be of interest to customers of the company, NSO Group, which was leaked to the media.
The list includes everyone from politicians and heads of state to business executives, activists and members of the Arab royal family. And that is without counting the Spanish politicians because of whom Pegasus is once again on everyone's lips.
What is Pegasus and what is it capable of?
Pegasus is spyware for iOS, the iPhone operating system, designed and developed by a private Israeli security company called NSO Group. In principle, it is offered only to governments and state security forces and bodies. There is a version for Android, but its attack method is different.
What makes Pegasus so effective, and so dangerous, is that it can be installed and run on all iOS devices up to version 14.6 using the method known as zero-click exploits. In other words, it requires no action by the victim to install and run, and to the naked eye it is invisible and untraceable.
Pegasus is actually made up of a set of exploits that take advantage of iOS vulnerabilities. Although Apple has been fixing them, some are still used, especially against victims whose iPhone has not been updated.
What makes Pegasus particularly dangerous is that it includes several infection vectors. It can take control of the iPhone when the victim simply clicks a link on a website viewed in Safari, or through any of the system apps such as Photos, Notes, Apple Music or iMessage.
An iPhone can also be infected with Pegasus through simpler, “classic” means, such as using a wireless transceiver near a device or having physical access to the device.
Targeted, modular, à la carte spyware
Pegasus is targeted spyware. That is, it is not aimed at mass infection, but at a specific person or number, with an "à la carte" infection vector and a very specific task chosen according to the victim and the information to be extracted.
Once Pegasus takes control of the victim's iPhone, it stays invisible and starts executing arbitrary code to extract information and send it to the attacker. It can access and steal contact information, call logs, messages, photos, browsing history, certificates and system settings, and monitor applications.
This allows the attacker to collect information from third-party messaging apps, such as WhatsApp content and messages, Gmail emails, Facebook, Telegram, etc. Also, just like in a spy movie, it can intercept calls and messages, make audio and video recordings and access all the content of the iPhone or an Android phone remotely.
Pegasus is also modular spyware. It can scan the target's device and install only the modules it needs: for example, to read the user's messages and email, or just to listen to calls or take screenshots, among many others. This makes its presence even more difficult to detect.
But its level of sophistication goes further. As explained by experts from Kaspersky, Pegasus hides in the operating system and is capable of self-destructing, taking with it all available evidence that it was ever present on the device. If the spyware is unable to communicate with its command and control server for more than 60 days, or if it detects that it has been installed on the wrong device or with the wrong SIM card, it erases itself.
And besides, it is untraceable. In other words, it is not possible to know for sure who is behind the infection or the spying access to the infected mobile. In fact, this feature is one of NSO Group's big selling points, aimed especially at clandestine activities.
Although once a terminal is infected it is not possible to know the origin of the espionage, it is possible to detect the presence of Pegasus on an iPhone, despite the fact that its installation is, at first glance, invisible.
Do you have to worry about being a victim of Pegasus?
It is unlikely that you will be a victim of Pegasus. It is targeted spyware, tailor-made for the victim, and according to the New York Times it costs $500,000 to infect a mobile, plus an additional fee to sneak it into a specific terminal (although other voices point to a cost of several million euros). So unless you are a head of state, an activist or a journalist, it is unlikely that anyone would go to so much trouble, all the more so considering that NSO Group supposedly works only at the request of governments or security forces.
How to detect if your iPhone is infected with Pegasus
If you want to rest easy, there are some methods to check whether your terminal has been infected with Pegasus. Amnesty International has developed a utility that allows you to identify this malware. It is called MVT (Mobile Verification Toolkit) and its source code is available on GitHub.
The only thing to keep in mind is that MVT is not plug-and-play software, nor are there easy ways to install and run it. It must be compiled for a specific device, and this makes it difficult to access. MVT cannot analyze the device directly, so it is necessary to make a full system backup to the computer before starting the process; that is, MVT actually verifies the iOS or Android backup, not the terminal itself.
However, there are some third-party tools that simplify the process somewhat. The iMazing app includes Pegasus detection as a free feature. The app uses the MVT kit. Its instructions and download are available here.