29 Aug 2016
A newly discovered piece of malware created by the NSO Group, a sketchy company that builds hacking tools for governments, intelligence agencies, and militaries, has the ability to turn essentially any iPhone into a surveillance device without the user ever knowing they’ve been infected. Called Pegasus, it was discovered after it targeted a human rights activist in the United Arab Emirates, and has forced Apple to release an update to patch it.
Pegasus is actually not one exploit but three iOS zero-day vulnerabilities chained together. The malware leaves no trace that it has infected a device; other than Safari quickly opening and then closing after the victim taps a malicious link, there’s no way for them to know they’ve been compromised.
Under the surface, Pegasus is actually talking to the NSO Group’s command and control servers and waiting for orders to download other malware that gives the attackers control over the phone. Pegasus jailbreaks the device and gives complete access to everything on the phone from messages to stored passwords.
Ultimately, Pegasus is meant to track every move a victim makes without them ever knowing it. It monitors every text, email, and calendar update, among other things and sends them back to the attackers. It steals every password and continuously updates the attackers on the victim’s GPS location.
Pegasus has the ability to capture audio from calls, including calls made through third-party apps like Skype or WhatsApp. Additionally, the microphone can be turned on to simply monitor what the victim is doing. In most cases a piece of malware that did this would have been a huge battery drain, but Pegasus does it without being noticed.
Since the discovery of Pegasus, the NSO Group has taken down the C&C servers it was communicating with. Unfortunately, the malware has built-in safeguards that let it continue spying on its victims even so. Ultimately, Pegasus was designed to maintain persistent surveillance for longer than most pieces of malware, so its discovery may be only a minor annoyance to whoever is running it.
It’s believed that Pegasus has been taking advantage of vulnerabilities since at least iOS 7. Apple has released an update that patches the three zero-day vulnerabilities. If you have an iPhone, you should download version 9.3.5 of its operating system immediately, since there is basically no way to know if you’ve been infected by Pegasus.