
How to Detect and Protect Against Pegasus Spyware?

A cybercriminal isn't always a loner writing code in his mom's basement. Often, malicious software is created by multimillion-dollar corporations with their own LinkedIn profiles and Wikipedia pages. Such is the NSO Group, the developer of the notorious Pegasus spyware. This software can extract a wealth of data from the victim's smartphone - conversations, chats, photos, geo-location - without the victim even falling for a phishing attack. The company positions itself as fighting terrorism but has been listed as a threat to the US, and, reportedly, Pegasus spyware has been used against journalists and activists. The lines between proper and improper spyware are becoming blurry. What can we do to avoid it being used against us?


In This Article
  1. What is Pegasus Spyware?
  2. Who Created Pegasus Spyware?
  3. How Does Pegasus Spyware Work?
  4. Pegasus Spyware: Major Incidents and Global Impact
  5. Is Pegasus Spyware Still a Threat Today?
  6. How to Detect Pegasus Spyware on Your Device?
  7. How to Protect Yourself from Pegasus Spyware?
  8. Best Practices to Prevent Spyware Attacks
  9. Using VPNs for Added Security
  10. Other Tools for Protecting Your Mobile Device
  11. Conclusion

What is Pegasus Spyware?

Pegasus is one of the most advanced pieces of spyware for Android and iOS devices ever created. Traditional spyware installs itself after the victim clicks a link in an email or on social media. Pegasus uses several different exploits to install itself remotely. Some of these are zero-click exploits.

These exploits don't ask for any permissions or specific actions from the user. Instead, the spyware is downloaded and installed into the smartphone using security flaws of already trusted software programs, such as operating systems or crucial apps.

Pegasus spyware is worrying not only because of how it enters the device but also because of what it can do.

  • Recording sound and video
  • Intercepting phone calls
  • Reading messages in apps and SMS
  • Accessing photos and other files
  • Capturing screenshots
  • Surveilling app usage
  • Tracking the device's location in real-time
  • Viewing calendar events
  • Extracting browsing history and saved passwords
  • Collecting the device's unique identifiers (IP and MAC addresses)

Reportedly, Pegasus spyware can even self-destruct after a period of inactivity or after being detected. All the data it collects is sent back to the NSO Group servers.

Who Created Pegasus Spyware?

Pegasus spyware was created by an Israel-based cyber-intelligence company called the NSO Group. The abbreviation stands for the names of the three founders who created the company back in 2010.

Today, the NSO Group employs hundreds of cyber-intelligence professionals, many of whom are former Israeli military intelligence personnel. According to the New York Times, the Pegasus software has long been used as a tool of Israel's foreign policy.

Although the stated aim of the NSO Group is to help governments "prevent and investigate terrorism and crime," it has been involved in quite a few controversies:

  • Israel has faced criticism for selling the Pegasus spyware technology to countries with poor human rights records, such as Russia, while denying it to others.
  • The company itself has faced various lawsuits, most notably from Meta and Apple, both of which were still ongoing at the time of writing.
  • The US has even added the NSO Group to the Entity List as a threat to the state because its spyware was used by foreign governments against US citizens and officials.

Unlike most other spyware, Pegasus has a known company behind it, which makes it easier for governments and corporations to deal with. Taking action as an individual is much more difficult. That's why it's crucial to have an understanding of how Pegasus spyware works.

How Does Pegasus Spyware Work?

Various reports and even scientific articles have been written about Pegasus spyware. The exact functioning of the spyware and its privacy implications are still being debated. What we know about the software can be simplified into a few steps.

  • Initial compromise: The attacker first examines potential social engineering opportunities or software vulnerabilities. Pegasus infections often start with zero-click attacks, malicious text messages, or network injection methods.
  • Exploit: The software flaws that serve as an entry point are most effective when they are still unknown to developers. That's why smartphones with out-of-date software are the most at risk.
  • Installation: The attacker, using one or several exploits, is able to gain access to the victim's device and install the Pegasus Spyware.
  • Persistence: Pegasus spyware can hide its presence in sophisticated ways, such as obfuscating its code, pretending to be a legitimate system process, or injecting itself into other processes to run in the background.
  • Data collection and remote control: The collected data and other communications are sent back to the NSO Group servers using a variety of techniques. Most notably, layered encryption, disguised traffic, and command-and-control (C2) servers are used to evade antivirus tools and retain control of the device.

Pegasus Spyware: Major Incidents and Global Impact

Most of what is publicly known about the Pegasus spyware comes from forensic analysis reports by organizations like Amnesty International and The Citizen Lab. There are also public documents provided by the NSO Group itself, such as its transparency report.

The largest number of Pegasus attacks, over 50,000, was revealed by the Pegasus Project. From journalists and dissidents to heads of state - anyone can become a target of a Pegasus attack. Here are a few prominent incidents.

Various companies and governments have moved with legal action and sanctions against the NSO Group in response to Pegasus spyware attacks. Cybersecurity organizations and journalists have revealed a lot about how it works. Is it less of a threat to our privacy and security because of this?

Is Pegasus Spyware Still a Threat Today?

Yes, Pegasus spyware is still a threat, but not in the way most people think. The NSO Group has responded to allegations of Pegasus misuse by claiming it sells the spyware only to selected buyers. Whether those buyers respect human rights is up for debate, but the fact remains that Pegasus spyware isn't easy to get.

Most Pegasus incidents we know of are cases of targeted surveillance, where countries or their institutions collect data from specific high-level targets. Besides the lack of precedent for mass surveillance with Pegasus, there are economic reasons against its mass use.

It's speculated that even one Pegasus license and its operating expenses can cost over a million dollars. A buyer would need much more than one license and government-level connections to even be considered. For example, the Estonian government made a $30 million down payment, and its purchase was still unsuccessful.

If you are a high-ranking official, journalist, or dissident, the millions for surveilling you might be worth it, and Pegasus Spyware is still used for such purposes. One of the most recent incidents was the iPhone hacking of Latvian-based Russian journalist Galina Timchenko in February of 2023.

A more likely threat for an ordinary internet user is to fall for a related Pegasus email scam. It's a cyber-extortion strategy involving emails claiming the recipients have been hacked with Pegasus and that, unless they pay a hefty sum to the scammer, their personal data will be leaked.

More likely, if anything was used on your device at all, it was a different piece of spyware – Hermit, Chrysaor, or some variety of Trojan. Even more likely, there is no leak at all, and it's a bunch of lies to trick you out of your money.

For the already mentioned reasons, it's doubtful that Pegasus Spyware was used to extort a couple of hundred dollars from you. But if there is even a small chance, you should take steps to detect and remove Pegasus.

How to Detect Pegasus Spyware on Your Device?

All spyware, no matter how sophisticated, leaves signs of its activity known as forensic traces. Amnesty International's Security Lab has compiled a list of the forensic traces that Pegasus spyware leaves behind. Mostly, they point to the NSO Group's infrastructure, such as:

  • DNS servers
  • Domain names
  • Email addresses
  • Process names
  • Weblinks

One strategy for detecting Pegasus would be to look for processes that interact with any of the known NSO infrastructure. A tool called Mobile Verification Toolkit (MVT) automates this process for Android and iOS devices.
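The matching strategy described above, as an added example that is not MVT's code and not from the original article: constructed device records (DNS lookups, a process list, configured mail accounts) are compared against a constructed indicator list of the same shape as a published one (domains, process names, email addresses). Every indicator and log line here is a placeholder, not a real Pegasus or NSO Group indicator. The domain check is the part worth getting right: a name must equal an indicator or be a subdomain of it, because a naive substring match would flag unrelated hosts that merely contain the indicator as text.

```python
"""
Match device records against an indicator-of-compromise (IoC) list.
ALL indicator values and sample records below are CONSTRUCTED for
illustration; none is a real Pegasus/NSO indicator.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Constructed indicator list in the shape of a published IoC feed
# (domains, process names, email addresses). Placeholder values only.
IOC_DOMAINS = {"update-check.example-ioc.invalid", "cdn.example-ioc.invalid"}
IOC_PROCESSES = {"bh", "msgacntd"}          # placeholder process names
IOC_EMAILS = {"operator@example-ioc.invalid"}


@dataclass(frozen=True)
class Hit:
    kind: str        # "dns", "process" or "email"
    observed: str    # the value seen on the device
    indicator: str   # the indicator it matched
    source: str      # the record it came from


def domain_matches(observed: str, indicator: str) -> bool:
    """True if observed equals the indicator or is a subdomain of it.
    Case-insensitive; a trailing dot (FQDN form) is ignored."""
    observed = observed.lower().rstrip(".")
    indicator = indicator.lower().rstrip(".")
    return observed == indicator or observed.endswith("." + indicator)


def scan_dns_log(lines: Iterable[str]) -> List[Hit]:
    """Scan constructed DNS log lines of the form '<timestamp> query <name>'.
    Lines that do not fit that shape are skipped rather than crashing."""
    hits: List[Hit] = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[1] != "query":
            continue
        name = parts[2]
        for ioc in IOC_DOMAINS:
            if domain_matches(name, ioc):
                hits.append(Hit("dns", name, ioc, line))
    return hits


def scan_process_list(processes: Iterable[str]) -> List[Hit]:
    """Exact, case-insensitive match of running process names."""
    wanted = {p.lower() for p in IOC_PROCESSES}
    return [Hit("process", p, p.lower(), p) for p in processes if p.lower() in wanted]


def scan_accounts(emails: Iterable[str]) -> List[Hit]:
    """Exact, case-insensitive match of configured account addresses."""
    wanted = {e.lower() for e in IOC_EMAILS}
    return [Hit("email", e, e.lower(), e) for e in emails if e.lower() in wanted]


# Constructed sample data standing in for records pulled from a device.
SAMPLE_DNS_LOG = [
    "2024-01-01T10:00:00Z query www.apple.com",
    "2024-01-01T10:00:05Z query a.cdn.example-ioc.invalid",      # subdomain: hit
    "2024-01-01T10:00:09Z query notcdn.example-ioc.invalid",     # lookalike: no hit
    "2024-01-01T10:00:12Z query UPDATE-CHECK.example-ioc.invalid.",  # case + FQDN dot: hit
    "malformed line without a query",
]
SAMPLE_PROCESSES = ["launchd", "bh", "SpringBoard", "MsgAcntD"]
SAMPLE_ACCOUNTS = ["me@example.com", "Operator@example-ioc.invalid"]


def run_scan() -> List[Hit]:
    """Run all three scans over the constructed samples."""
    return (scan_dns_log(SAMPLE_DNS_LOG)
            + scan_process_list(SAMPLE_PROCESSES)
            + scan_accounts(SAMPLE_ACCOUNTS))


if __name__ == "__main__":
    for hit in run_scan():
        print(f"[{hit.kind}] {hit.observed} matched {hit.indicator}  <- {hit.source}")
```

A hit from a list like this is a lead, not a verdict: the indicator list must be current, and a match still has to be confirmed by a fuller forensic review of the device.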

Detecting Pegasus, even with MVT, will take time and skill. It might be better to seek help from cybersecurity professionals or contact a digital security helpline.

How to Protect Yourself from Pegasus Spyware?

Removing Pegasus spyware might be too much of a hassle. You might need to rebuild your digital accounts and services from scratch, not to mention deal with whatever data might already have been leaked. It's one of the worst nightmares for anyone active online. The best defense against spyware such as Pegasus is strong precautionary measures.

Best Practices to Prevent Spyware Attacks

  • Keep your devices up to date - Zero-click attacks are most successful on systems where crucial security vulnerabilities haven't been patched yet. If you want to stay safe, be the first to update your software.
  • Follow the news about common spyware and the methods used to spread it. It is not just your software that needs to be up to date, but your mindset as well.
  • Using only secure apps that don't have known security vulnerabilities will decrease the chances of your device getting hacked with Pegasus. In general, the fewer apps you use, the more secure your device will be.
  • Avoid opening links, messages, or attachments that you didn't expect or that look suspicious. If you have received something suspicious, check for traces of Pegasus immediately. In some cases, devices were infected with Pegasus merely by receiving a message.
  • Use multifactor authentication (MFA) so that your apps or accounts are not opened with just a password. Attackers can learn your passwords using Pegasus, but going around MFA will be an additional hassle.
  • Don't use insecure networks, such as public Wi-Fi or hotspots. Make sure to secure your home network and routinely check that it hasn't been compromised.

Using VPNs for Added Security

A VPN server can be helpful in deterring most kinds of spyware because your data is being encrypted and routed through third-party servers. It's most effective against Pegasus email scams as your data is less likely to be leaked, but VPNs also help in other ways.

For example, if the spyware intercepts the data while it's on the way to or from your device, the attacker won't be able to decipher it. Similarly, a VPN could also protect you from some, although not all, delivery modes of Pegasus spyware.

Some exploits use vulnerabilities from your mobile data carrier, DNS server, or other network infrastructure. Using a VPN server can potentially defend you against these vectors of attack.

Perhaps the most important aspect is that a VPN lets you take control of your online privacy, which is where CometVPN excels. The less information governments and corporations have about you, the lower the odds that you will become a target worth spending millions to spy on.

Other Tools for Protecting Your Mobile Device

Other cybersecurity tools can also potentially close certain vectors of Pegasus spyware attack. Most of them are quite standard for all internet users.

  • Ad-blockers on your device will lower the chances of you reaching websites that show malicious links, serve infected files, or make your system vulnerable in other ways.
  • Antivirus and anti-malware software will remove unwanted ads or trackers.
  • A firewall on your network devices or smartphone might close connections that are known to be exploited by spyware developers and hackers.

Conclusion

No device is completely safe from Pegasus spyware, but as all-powerful as it may be, the chances of it targeting you are slim. You can ensure that they stay minimal by keeping a low online profile with tools like a trusted VPN service.
