Not Just WhatsApp: Pegasus Threat Looms Across Many Platforms

Pegasus, the spyware made by Israeli firm NSO Group, was used to hack into the phones of at least 1,400 people globally by exploiting a vulnerability via WhatsApp to get into a user’s device.

Once in the device, the device is as good as unlocked for the attacker, giving them access to all the apps in the phone. In other words, the attacker has complete control of the phone and can access any app, be it Telegram, Signal, Skype or payment wallets.

The spyware contains code that is capable of spying, collecting data, and reporting back on what the user does on the device – everything; calls, emails, texts, location, app data, etc. It remotely collects all the information about a target's device, wherever they are.

Target Oblivious to Attack

The installation is entirely concealed and the target will not be aware that software is being installed on their device.

Works Across Platforms

Although this particular hack, where about 121 Indians were targeted, happened through WhatsApp, the spyware can trace data from any application on the phone. According to a Lookout report, it can access anything – from logs, mails, passwords, messages, calls and more, from apps including, but not limited to:

• FaceTime
• Gmail
• Facebook
• Line
• Mail.Ru
• Calendar
• WeChat
• Surespot
• Tango
• WhatsApp
• Viber
• Skype
• Telegram
• KakaoTalk

Installation

NSO says that installing the spyware is the most sensitive and important phase of the intelligence operation.

Following are the various ways an attacker can install Pegasus on a target:

1. REMOTE INSTALLATION

Over-the-Air (OTA): A push message is remotely and covertly sent to the mobile device. This message triggers the device to download and install the agent. During the entire installation process, no cooperation or engagement of the target is required (eg: no need to click a link, or open a message) and no indication appears on the device.

2. ENHANCED SOCIAL ENGINEERING

Enhanced Social Engineering Message (ESEM): In cases where OTA installation method is inapplicable, the system operator can choose to send a regular text message (SMS) or an email, luring the target to open it. A single click on the link will result in hidden agent installation.

Following are a few 'benefits' and ‘features’ of Pegasus:

BENEFITS

• Unlimited access to target's mobile devices: Remotely and covertly collect information about a target's relationships, location, phone calls, plans and activities – whenever and wherever they are.
• Intercept calls: Transparently monitor voice and VoIP calls in real-time
• Bridge intelligence gaps: Collect unique and new types of information (eg, contacts, files, environmental wiretap, passwords, etc) to deliver the most accurate and complete intelligence.
• Handle encrypted content and devices: Overcome encryption, SSL, proprietary protocols and any hurdle introduced by the complex communications world.
• Application monitoring: Monitor a multitude of applications including Skype, WhatsApp, Viber, Facebook and Blackberry Messenger (BBM).
• Pinpoint targets: Track targets and get accurate positioning information using GPS.
• Service provider independence: No cooperation with local Mobile Network Operators (MNO) is needed.
• Discover virtual identities: Constantly monitor the device without worrying about frequent switching of virtual identities and replacement of SIM cards.
• Avoid unnecessary risks: Eliminate the need for physical proximity to the target or device at any phase.

FEATURES

• Penetrates all Android, BlackBerry, iOS and Symbian based devices
• Accesses password-protected devices
• Extracts contacts, messages, emails, photos, files, locations, passwords, processes list and more
• Accesses password-protected devices
• Leaves no trace on the device
• Self-destruct mechanism in case of exposure risk
• Retrieves any file from the device for deeper analysis