29 Aug 2016

PegasusA newly discovered piece off malware that was created by the NSO Group, a sketchy company that builds hacking tools for governments, intelligence agencies, and militaries, has the ability to basically turn any iPhone into a surveillance device without the user ever knowing they’ve been infected. Being called Pegasus, it was discovered after targeting a human rights activist in the United Arab Emirates, and has forced Apple to release an update to patch it.

Pegasus is actually not one exploit, but three iOS zero-day vulnerabilities linked together. The malware leaves no trace that it’s infected a device and other than Safari quickly opening then closing after the victim clicks on a malicious link, there’s no way for them to know they’ve been compromised.

Under the surface, Pegasus is actually talking to the NSO Group’s command and control servers and waiting for orders to download other malware that gives the attackers control over the phone. Pegasus jailbreaks the device and gives complete access to everything on the phone from messages to stored passwords.

Ultimately, Pegasus is meant to track every move a victim makes without them ever knowing it. It monitors every text, email, and calendar update, among other things and sends them back to the attackers. It steals every password and continuously updates the attackers on the victim’s GPS location.

Pegasus has the ability to steal audio from calls, including calls made through third party apps like Skype or WhatsApp. Additionally, the microphone can be turned on to simply monitor what the victim is doing. In most cases a piece of malware that did this would been a huge battery drain, but Pegasus does it without being noticed.

Since the discovery of Pegasus, the NSO Group has taken down the C&C servers it was communicating with. Unfortunately, it has built in safeguards in order to continue spying on its victims. Ultimately, Pegasus was designed to maintain persistent surveillance for longer than most pieces of malware, so its discovery may only be a minor annoyance to whoever is running it.

It’s believed that Pegasus has been taking advantage of vulnerabilities since at least iOS 7. Apple has released an update that patches the three zero-day vulnerabilities. If you have an iPhone, you should download version 9.3.5 of its operating system immediately, since there is basically no way to know if you’ve been infected by Pegasus.

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews.
    Jeremy Richards
    Jeremy Richards
    2020-03-13
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    2020-02-14
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    2020-01-25
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    2020-01-14
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    2020-01-14
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    2020-01-10
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    2020-01-10
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    2020-01-09
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    2020-01-03
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!
    Richard Brunet
    Richard Brunet
    2019-12-30

    SCHEDULE AN APPOINTMENT

    Make It Happen Now

    CLIENT SUPPORT

    Don't Feel Stranded

    CONSULTATION

    Get Best Advice

    PAYMENTS

    Make A Payment

    Top