How to detect Pegasus Spyware

Pegasus malware


What is Pegasus software

Pegasus first made headlines in 2019 when some journalists and activists found that the spyware had hacked their phones.

Pegasus is an advanced surveillance tool developed by the NSO Group, an Israeli technology firm known for building specialised hacking tools.

Pegasus originally hit the headlines in 2016 when it was alleged that the software was used to attempt to hack into the iPhone of an Arab human rights activist.

Days after the claimed incident, Apple released an iOS update that was said to address the vulnerability Pegasus had been exploiting to break into its phones.

In 2017, researchers found that the software could also be used to hack Android-based smartphones. As a result of the investigation, additional security upgrades were released.

Pegasus has also brought the NSO Group into conflict with Facebook, which in 2019 filed a lawsuit against the company over the surveillance software.

Pegasus has been called the most powerful phone-hacking tool available today. The NSO Group has repeatedly stated that it is not liable if the Pegasus software is misused.

According to the organisation, it only offers the software to verified governments and not to people or other organizations.

How does Pegasus hack a phone?

The most attractive aspect of Pegasus for its users is the complete, silent access it claims: the targeted individual has no idea that their phone has been compromised.

Several delivery methods have been reported. The target may be compromised by being induced to click a malicious link sent to their phone.

The spyware can also be installed by exploiting a vulnerability in the voice-call feature of WhatsApp and similar apps.

A single missed call can install the application on the target phone, which then deletes the call log entry, keeping the hacking victim in the dark.

Once installed, Pegasus can access all information on the phone, including encrypted chats and files.

Pegasus, according to cybersecurity experts, has access to the compromised device's messages, calls, app activity, user location, video camera, and microphone.

Specialists from Kaspersky, a well-known cybersecurity firm, used the term "total surveillance" to define the Pegasus software's capabilities.

Who needs to be concerned about Pegasus?

Pegasus is the ultimate spying tool, and it is the spyware of choice when a government intends to spy on someone. Pegasus can even read encrypted WhatsApp messages.

However, the ordinary phone user does not need to be concerned about Pegasus. Even the most recent reports, as far as we know, describe past breaches rather than ongoing ones.

As a result, you should be safe if you use the most recent software versions – iOS 14 or Android 11 – as well as the most recent versions of apps like Facebook and WhatsApp.

Your phone, however, is not invulnerable. Because the NSO Group, which operates Pegasus, still exists, there is a good chance that a new version of the Pegasus malware will emerge as well.

One would have no way of knowing whether their phone had been hacked.

However, it should be noted that Pegasus is extremely expensive, and it is only sold to government departments for "targeted spying," according to the NSO Group.

So, unless a powerful organisation such as a government has a reason to keep you under surveillance, Pegasus won't harm you.

How to detect Pegasus Spyware?

Make no mistake: Pegasus is incredibly sophisticated spyware. Beyond its stated spying objectives, it was developed specifically to evade detection.

As a result, identifying it on an infected device is no easy task.

In earlier Pegasus attacks, the spyware's presence was detected through a malicious link in messages or emails.

Later, WhatsApp calls that triggered the spyware were identified as a delivery vector.

There are no such indicators in today's more sophisticated zero-click attacks. Fortunately, Amnesty International's latest Forensic Methodology Report provides insight on the spyware's traces.

According to the new research, several URL redirections have been discovered on infected devices. The first were found in Safari's browser history, but odd redirects were later found in other software as well.

A total of 700 Pegasus-related domains were uncovered throughout the research, according to the study.

According to the report, another way to find Pegasus is to look at the iOS logs of process executions "and their related network usage" in two specific files.

The network usage databases of infected devices revealed a suspicious process called "bh." This "bh" process appeared immediately after the device had contacted Pegasus installation domains.

Similar traces have been found on almost all of the devices Pegasus has compromised so far.

The problem is that an ordinary smartphone user will never detect these, while the spyware continues to work, leaking the user's information to the spyware's operator.
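As an added illustration (not code from the article, from Amnesty's report or from MVT), here is a minimal Python indicator scan over constructed copies of the two kinds of artefact the report points to: Safari's browsing history with its redirect chains, and the process table of the network-usage database. The table layouts are simplified assumptions, the timestamps and indicator domains are constructed placeholders, and only the process name "bh" comes from the text.

```python
import sqlite3
from urllib.parse import urlparse

# Constructed indicator set: "bh" is the process name the article quotes; the
# domains are placeholders for a real indicator feed, not Pegasus infrastructure.
IOC_DOMAINS = {"installer-example.invalid", "redirect-example.invalid"}
IOC_PROCESSES = {"bh"}

def build_sample_db():
    """Constructed in-memory data with simplified, assumed schemas modelled on
    Safari's History.db (items, visits, redirect links) and the process table of
    DataUsage.sqlite; the real files carry many more columns."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE history_items(id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE history_visits(id INTEGER PRIMARY KEY, history_item INTEGER,
                                    visit_time REAL, redirect_destination INTEGER);
        CREATE TABLE zprocess(z_pk INTEGER PRIMARY KEY, zprocname TEXT, ztimestamp REAL);
        INSERT INTO history_items VALUES (1, 'https://news.example.org/story'),
            (2, 'https://redirect-example.invalid/r?id=1'), (3, 'https://installer-example.invalid/x');
        INSERT INTO history_visits VALUES
            (10, 1, 650000000.0, 11), (11, 2, 650000000.1, 12), (12, 3, 650000000.2, NULL);
        INSERT INTO zprocess VALUES (1, 'mobilesafari', 650000000.0), (2, 'bh', 650000030.0);
    """)
    return db

def scan_history(db):
    """Return (visit_time, host, url, redirect_target_url) for every visit whose
    host is an indicator, so the analyst sees where each odd redirect led."""
    rows = db.execute(
        "SELECT v.id, v.visit_time, i.url, v.redirect_destination FROM history_visits v "
        "JOIN history_items i ON i.id = v.history_item ORDER BY v.visit_time").fetchall()
    url_of_visit = {vid: url for vid, _, url, _ in rows}
    hits = []
    for vid, ts, url, dest in rows:
        host = urlparse(url).hostname or ""
        if host in IOC_DOMAINS:
            hits.append((ts, host, url, url_of_visit.get(dest)))
    return hits

def scan_processes(db, after=None, window=300):
    """Return (name, timestamp) for indicator-matching processes; with `after`
    set, only those recorded within `window` seconds after that time, the
    pattern the article describes ("bh" right after an installation domain)."""
    rows = db.execute("SELECT zprocname, ztimestamp FROM zprocess ORDER BY ztimestamp")
    return [(name, ts) for name, ts in rows
            if name in IOC_PROCESSES and (after is None or 0 <= ts - after <= window)]
```

Against a real device backup the same logic would run over the extracted databases and a published indicator list; the time-window correlation is what turns two isolated matches into the sequence the report describes.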

Amnesty International has also chosen to publish openly the techniques it uses to detect Pegasus.

The tool is not a simple app that you can run on your phone or computer; it is designed for use by security experts.

How to get rid of Pegasus Spyware?

According to cybersecurity experts, a device infected with Pegasus may never fully recover from the attack. Even after a hard factory reset of the device, traces of the spyware may still be detected.

As a result, the best choice for spyware victims is to stop using the infected device altogether.

Amnesty International's GitHub repository lets users check for all of the signs of compromise it found. In addition, the organisation has developed a modular tool for this kind of analysis, the Mobile Verification Toolkit (MVT).

Anyone who detects Pegasus on their phone should move to a new phone and change the passwords for the apps and services they used.

Points to Remember About Pegasus:

  • It is a type of spyware, a class of malicious software (malware).

  • It is designed to gain access to devices without the users' consent, collect personal information, and send it back to whoever is snooping with the software.

  • Pegasus was created by the Israeli company NSO Group, which was founded in 2010.

  • The first known version of Pegasus, identified in 2016, attacked smartphones using a technique known as spear-phishing, in which a target is misled into clicking a malicious link sent via text message or email.

  • NSO's attack capabilities, however, have grown since then. Pegasus can now be delivered through so-called "zero-click" attacks, which require no action from the phone's owner to succeed.

  • These attacks frequently exploit "zero-day" vulnerabilities, which are bugs in an operating system that the phone's manufacturer is unaware of and therefore unable to fix.
