Name | Pegasus |
Type of Malware | Spyware |
Date of Initial Activity | 2016 |
Motivation | Track political leaders, journalists, and activists worldwide |
Attack Vectors | Spear-phishing SMS messages that contain a malicious link or URL redirect |
Targeted System | Android and iOS |
Associated Groups | NSO Group. Pegasus has been licensed to dozens of countries, including Mexico, Bahrain, Saudi Arabia and the UAE. |
Overview
Pegasus is highly sophisticated spyware that targets Android and iOS mobile devices, developed by the Israeli NSO Group. The malware is offered for sale, mostly to government-related organizations and corporations.
The malware infects its targets by several means: spear-phishing SMS messages that contain a malicious link or URL redirect, delivery that requires no action from the user (“zero-click”), and more.
The app features multiple spying modules such as screenshot taking, call recording, access to messaging applications, keylogging and browser history exfiltration.
Targets
Political leaders, journalists, and activists.
Tools/Techniques Used
Pegasus can leverage vulnerabilities which allow it to silently jailbreak the device and install the malware. Pegasus spyware is zero-click mobile surveillance software designed to infiltrate iOS and Android devices to secretly collect information. Pegasus has extensive data-collection capabilities — it can read texts and emails, monitor app usage, track location data, and access a device’s microphone and camera.
As zero-click spyware, Pegasus can be installed on a target’s phone without the victim needing to take any action themselves. Initially, Pegasus spyware spread through phishing attacks, in which victims were sent text messages containing malicious links. If the target clicked on the link, their phone was infected with Pegasus.
After the phone is infected with Pegasus, it saves the credentials with an undetected keylogger, then sends the victim’s personal information, such as device location, text messages, and app usage data, to NSO Group’s servers in the cloud.
Impact / Significant Attacks
In 2019, WhatsApp revealed that NSO’s software had been used to send malware to more than 1,400 phones by exploiting a zero-day vulnerability. Governments worldwide have used Pegasus to target activists, including an Amnesty International employee, Saudi activists, Mansoor, at least 24 human rights defenders, journalists and parliamentarians in Mexico, and, allegedly, the murdered Saudi journalist Jamal Khashoggi, according to a lawsuit filed in 2019 by Amnesty International and other groups demanding that the Israeli Ministry of Defense revoke the export license of NSO Group.