Pegasus spyware has taken over the bulletins yet again. Last we heard of this snooping malware was back in 2019 when it started extracting WhatsApp chats from the phones of journalists and activists. Well, it's back in the news! As reported by The Guardian, the Pegasus spyware was used for a global surveillance operation.
The leaked snoop list included phone numbers of over 40 Indian journalists. A major chunk of the journalists in the list are based out of Delhi and work with known media houses such as the Hindustan Times, India Today, Network18, The Hindu, and Indian Express. Moreover, independent digital forensic analysis of 10 Indian phones that were on the list confirmed signs of attempted or successful Pegasus surveillance.
The Pegasus spyware is sold by the Israel-based cyber intelligence and security company NSO Group that was founded in 2010. The spyware enables the operator to remotely access smartphones and extract information by snooping into their data. They can also control the camera and microphone of a device.
The spyware first came to light in 2016 when an Arab activist noticed suspicious messages on WhatsApp. The spyware was believed to be targeting iPhones, which was later fixed by Apple with the aid of an iOS update. The company has always maintained that the spyware is not sold to private entities.
The firm's human rights policy states "contractual obligations requiring NSO's customers to limit the use of the company's products to the prevention and investigation of serious crimes, including terrorism, and to ensure that the products will not be used to violate human rights".
NSO hasn't confirmed whether the Indian Government has used Pegasus, but the presence of the spyware in the phones of journalists in India hints that one or more official agencies are leveraging the spyware for extracting important information.
Back in 2019, Facebook-owned messaging service confirmed that around 1,400 of its users from 20 countries, including Indian journalists and other known personalities were targeted by the Pegasus spyware.
So how did the spyware exploit these phones? Well, there's a reason it is touted as the "most sophisticated" spyware. Pegasus makes the hacking process seamless, leaving the phone users clueless about the nefarious activities done to their phones.
Hackers send a malicious link to the target's phone, and if the user happens to visit the link, the spyware gets installed on the phone without the user knowing about it. Besides, there's another way of installing Pegasus through a security bug in voice calls on WhatsApp.
The hackers can also install the spyware just by giving a missed call to the target's phone. Moreover, the spyware deletes the missed call entry so the user won't be able to suspect anything fishy. Once installed, the spyware can snoop through every nook and corner of the target's phone.
The spyware is so effective it could extract information from encrypted files as well. Through Pegasus, hackers can take over the phone's systems, gaining access to passwords, WhatsApp messages and calls, normal voice calls, contacts, phone's microphone, and even the camera.
There are a few ways to protect yourself from being subjected to the Pegasus spyware attack. It is advisable to not answer WhatsApp calls from numbers outside your contact list. Besides, it's recommended to not pick calls from unknown networks as well.
Moreover, avoid opening links to ads and promotions from unknown senders, as they could be potential malware or spyware including Pegasus. Opening links can lead to the spyware install itself on your phone without you noticing and might steal your personal data.
Many security experts believe that completely getting rid of Pegasus is difficult once it's installed on a phone. In that case, discarding the phone is advised. In fact, factory resetting the phone might also not work, as it might not remove the spyware completely.
To your relief, Pegasus has already been around for a while and many big firms such as WhatsApp, Apple, Google, and others have researched well to patch loopholes that allow the spyware to exploit smartphones. Besides, Pegasus is a targeted surveillance tool and is very expensive to get hold of, and might only be used by big organizations to track high-value targets. So, it's unlikely an everyday user will encounter this high level of surveillance.