
Pegasus: How does the malware sneak into a victim’s phone?

K V Kurmanath Hyderabad | Updated on November 01, 2019 Published on November 01, 2019

Pegasus can target any device, any messaging service, several Operating Systems

Had it been malware that stealthily entered a computer or a mobile phone by luring the user into clicking a malicious link, people would not have been surprised.

Malware targeting users' WhatsApp accounts has shocked the world because the social media platform promised secure transmission of data between devices.

The latest snooping story reads like a sci-fi movie, with bad guys sitting in isolated geographies, launching surreptitious malware attacks on targets, stealing information by lurking there without the victims noticing the damage.

The Facebook arm still claims that there's no problem with the encryption and decryption handled by it. The hackers infected the phones to steal the information, it said.

But how could the spyware Pegasus, used by the Israeli firm NSO, break into the phones of about 1,400 people (the number could grow), mostly human rights activists, lawyers, government officials and journalists?

The modus operandi

In this particular attack, which rocked the country, the Israeli group used sophisticated tools. The hackers created WhatsApp accounts using telephone numbers registered in various countries between January 2018 and May 2019. They used these numbers as launch pads to send malicious code to target devices in April and May 2019.

In its complaint against the hackers, filed in a US court, WhatsApp said that the phone numbers were registered in countries like Cyprus, Israel, Brazil, Indonesia, Sweden, and the Netherlands.

“They leased servers and internet hosting services in different countries, including the United States, in order to connect the target devices to a network of remote servers intended to distribute malware and relay commands to the target devices,” WhatsApp has explained.

The attack is so sophisticated that the victim need not click on a link or provide any information to the hacker, as happens in typical cyber attacks.

“The victim need not take any action, such as clicking a link or opening a message (known as remote installation),” WhatsApp told the US district court in California.

After being installed on a device, the spyware establishes an information route, enabling the hacker to intercept and extract information and communications from the infected device. The deadly spyware Pegasus could “remotely and covertly extract valuable intelligence from virtually any mobile device.” The malware is so powerful that it could compromise Telegram, WeChat, Facebook Messenger, WhatsApp, and other messaging platforms. It can work on phones running iOS, Android and BlackBerry.

It is so flexible that it could be customized for different purposes, including intercepting communications, capturing screenshots, and copying browsing history and contacts from the device.
