Yesterday, the Pegasus project, which was supported by the Süddeutsche Zeitung, the Zeit and the NDR in Germany was researched, released. According to this, journalists and members of the opposition are spied on worldwide using the Pegasus espionage software.
The iOS version of Pegasus was first discovered in 2016, about a year later an Android version was found and presented at Kaspersky’s Security Analyst Summit in 1997. Dmitry Galov, Security Researcher in the Global Research and Analysis Team (GReAT) at Kaspersky, answers the most important questions about Pegasus below.
What is pegasus
Pegasus is a modular spyware for iOS and Android. In 2016, an iOS version of Pegasus was discovered, later a version for Android that is slightly different from the one for iOS devices. The infection usually takes place as follows: The victim receives an SMS with a link; if this is clicked, the device becomes infected with the spyware. In addition, according to public information, the spyware exploits zero-day vulnerabilities found in the system to infect iOS.
When we examined the Android version of Pegasus in 2017, the spyware was able to read the victim's SMS and emails, listen to calls, take screenshots, record keystrokes, and access contacts and browsing history. Pegasus is quite complex and expensive malware designed to spy on people of special interest so the average user is unlikely to come across it.
Pegasus: Extremely well hidden spy software
How common are such vulnerabilities that make it possible to spy on people? Are there such examples now on the Darknet and how unique is this service in general?
One has to distinguish between the two different concepts of spyware and vulnerabilities. Pegasus is spyware with versions for iOS and Android devices. When we investigated Pegasus for Android in 2017, the perpetrator could, among other things, read the victim's SMS and e-mails, listen to calls, take screenshots, record keystrokes and access contacts and browser history.
Zero-day vulnerabilities in iOS
In addition, the spyware is known to exploit zero-day vulnerabilities in the system to infect iOS. These are vulnerabilities that are unknown to the developer and for which a fix has not yet been released, but which cyber criminals can exploit to carry out a variety of types of attacks, including targeted attacks on specific organizations or individuals. Both spyware and zero-day vulnerabilities are sold and bought by different groups in the Darknet. The price for vulnerabilities can reach $ 2,5 million - that's how much was offered in 2019 for all of the existing vulnerabilities in Android. Interestingly, that year, for the first time, an Android vulnerability turned out to be more expensive than an iOS vulnerability.
What should users do to protect themselves?
The best way to protect yourself from this is to provide as much information as possible about it to the appropriate software and security providers. Software developers fix the vulnerabilities exploited by the attackers and security providers take measures to identify this threat and protect users.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/