Pegasus Spyware: What Is It? How Does It Infect Your Phone? How Can You Check if Your Phone Has Been Targeted?

Pegasus spyware is a surveillance software created by Israeli cyber intelligence firm NSO Group. This firm is known to build sophisticated software and technology for selling solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts, as claimed by the company. Pegasus is one such software that is created to gain access to your phone without consent and gather personal and sensitive information and deliver it to the user that is spying on you.

Pegasus spyware: What can it do?

According to Kaspersky, Pegasus spyware is able to read the victim's SMS messages and emails, listen to calls, take screenshots, record keystrokes, and access contacts and browser history. Another report corroborates that a hacker can hijack the phone's microphone and camera, turning it into a real-time surveillance device. It is also worth noting that Pegasus is a rather complex and expensive malware, designed to spy on individuals of particular interest, so the average user is unlikely to encounter it.

Pegasus spyware: When was it first discovered?

Pegasus spyware was first discovered in an iOS version in 2016 and then a slightly different version was found on Android. Kaspersky notes that in the early days, one of the main infection schemes was via an SMS. The victim got an SMS with a link. If the person clicks on it then their device gets infected with the spyware.

However, over the last half decade, Pegasus has evolved from a relatively crude system reliant on social engineering to a piece of software that can compromise a phone without the user having to click on a single link, or what the cyber world likes to call zero-click exploits.

Pegasus spyware: How does it infect a phone?

The Organized Crime and Corruption Reporting Project (OCCRP) reports that eventually, as the public became more aware of these tactics and were better able to spot malicious spam, zero-click exploit solution was discovered. This method does not rely on the target doing anything at all in order for Pegasus to compromise their device. Zero-click exploits rely on bugs in popular apps like iMessage, WhatsApp, and FaceTime, which all receive and sort data, sometimes from unknown sources. Once a vulnerability is found, Pegasus can infiltrate a device using the protocol of the app. The user does not have to click on a link, read a message, or answer a call — they may not even see a missed call or message.

“It hooks into most messaging systems including Gmail, Facebook, WhatsApp, FaceTime, Viber, WeChat, Telegram, Apple's inbuilt messaging and email apps, and others. With a line-up like this, one could spy on almost the entire world population. It's apparent that NSO is offering an intelligence-agency-as-a-service,” Timothy Summers, a former cyber engineer at a US intelligence agency said.

Apart from zero-click exploits, OCCRP reports another method called “network injections” to quietly access a target's device. A target's Web browsing can leave them open to attack without the need for them to click on a specifically-designed malicious link. This approach involves waiting for the target to visit a website that is not fully secured during their normal online activity. Once they click on a link to an unprotected site, the NSO Group's software can access the phone and trigger an infection.

Amnesty International recently reported that NSO Group's spyware has infected newer iPhone models, specifically iPhone 11 and iPhone 12, through iMessage zero-click attacks. The spyware can impersonate an application downloaded to an iPhone and transmit itself as push notifications via Apple's servers. Thousands of iPhone handsets have been potentially compromised by the NSO spyware.

Kaspersky says that Pegasus for Android does not rely on zero-day vulnerabilities. Instead, it uses a well-known rooting method called Framaroot. Another difference: If iOS version fails to jailbreak the device, the whole attack fails, but with the Android version, even if the malware fails to obtain the necessary root access to install surveillance software, it will still try directly asking the user for the permissions it needs to exfiltrate at least some data.

Pegasus spyware: Is there a way to detect if a phone's been compromised?

Researchers at Amnesty International have developed a tool to check if your phone has been targeted by the spyware. The Mobile Verification Toolkit (MVT) aims to help with identifying if Pegasus has infected your device. While it works on both Android and iOS devices, it requires some command line knowledge top operate right now. However, MVT may receive a graphical user interface (GUI) over time.