Pegasus spyware spied on mobile users around the world


Notable figures such as journalists, activists and politicians have been targeted by phone malware sold to governments by an Israeli software firm.

Multiple reports have claimed the Pegasus spyware was sold by NSO Group to authoritarian governments around the world in order to carry out surveillance on opposition groups and dissidents alike.

A list of around 50,000 phone numbers of individuals affected was leaked to Paris-based NGO Forbidden Stories and human rights group Amnesty International before being reported worldwide, although exactly who revealed the information is still unclear at the moment.

Accusations

NSO denies any wrongdoing, telling the BBC that the report was "full of wrong assumptions and uncorroborated theories".

The company says its software is sold only to military, law enforcement and intelligence agencies in countries with good human rights records in order to help tackle criminals and terrorists.

The list of 50,000 numbers reportedly contains over 1,000 individuals from more than 50 countries, although 10 countries (Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates) made up the bulk of the entries.

Affected figures included around 180 journalists, from outlets including CNN, the New York Times and Al Jazeera, several Arab royal family members, politicians, business executives, and political activists - including several close contacts (such as the wife and fiancee) of murdered Saudi journalist Jamal Khashoggi.


This is not the first time NSO or Pegasus has made headlines for reportedly malicious activity.

In 2019, the company was sued by WhatsApp over allegations that 1,400 of its users in 20 countries had been targeted by Pegasus. Although NSO denied any wrongdoing, the company was blocked from using WhatsApp.

The latest allegations include claims that Pegasus infects Android devices and iPhones, giving operators (governments, in this case) access to messages, photos and emails. It can also record calls and surreptitiously activate microphones.

The spyware reportedly needs little activity to install itself on a victim's phone, and installation can in fact be done via a simple WhatsApp call.

In this method, the data packets of the voice call sent to the target are altered so that an internal buffer in the WhatsApp application overflows. The overflow in turn overwrites parts of memory, bypassing the app's security and allowing further control of the whole device and the data within it.

Researchers claim that 'authoritarian governments' have been known to create fake WhatsApp accounts to make video calls to their targets, transmitting the malicious code and auto-installing the spyware even if the targets did not answer the call.

Experts say that the only way to completely free your mobile of spyware like Pegasus is to discard the phone, as even a 'factory reset' may not be enough to make it secure again.

TechRadar Pro has contacted NSO Group for comment.

Via The Guardian

Mike Moore
Deputy Editor, TechRadar Pro
