Wednesday 5 April 2017

Highly Advanced Mobile Spyware Pegasus Found

Pegasus Mobile Spyware

Highly Advanced Pegasus Mobile Spyware Found By Security Researchers.

Google and Lookout security researchers have been analyzing the Pegasus malware, also known as Chrysaor. This mobile spyware was developed by the Israeli surveillance company NSO.

  • Developed for iOS and Android mobiles.
  • It can record WhatsApp messages and calls.
  • It can spy on social networking sites like Facebook and Twitter.
  • It can capture logs from Skype and Gmail.
  • It can take screenshots and control the microphone and camera.

Given the features above, Pegasus looks all the more dangerous. It is capable of reading text messages, tracking calls, collecting passwords, tracing the phone's location, and gathering all information from apps, including encrypted communications. When the target clicks on the malicious link, Pegasus silently jailbreaks the device and then records the logs remotely. Pegasus was first identified by Citizen Lab and Lookout in 2016.

According to Lookout, Pegasus for Android does not require zero-day vulnerabilities to root the target device and install the malware. Instead, the threat uses an otherwise well-known rooting technique called Framaroot. In the case of Pegasus for iOS, if the zero-day attack execution failed to jailbreak the device, the attack sequence failed overall. In the Android version, however, the attackers built in functionality that would allow Pegasus for Android to still ask for permissions that would then allow it to access and exfiltrate data.

According to the Google blog: "Late last year, after receiving a list of suspicious package names from Lookout, we discovered that a few dozen Android devices may have installed an application related to Pegasus, which we named Chrysaor. Although the applications were never available in Google Play, we immediately identified the scope of the problem by using Verify Apps. We gathered information from affected devices, and concurrently, attempted to acquire Chrysaor apps to better understand its impact on users. We've contacted the potentially affected users, disabled the applications on affected devices, and implemented changes in Verify Apps to protect all users."

Google found most targets were located in Israel, though individuals in numerous countries were targeted, including Georgia, Mexico, Turkey and the UAE.

In the technical analysis, the "suicide" self-destruct feature was particularly devilish, helping NSO Group's malware avoid detection for almost three years. "If it feels like it's going to be found, it removes itself," said Lookout mobile security researcher Michael Flossman. "That's why it took so long to find these samples."

Flossman also believes that Pegasus for Android was delivered in a similar fashion to its iPhone equivalent, via an SMS message. "The various exploits contained in this surveillance-ware would attempt to be run once the app was installed," Flossman said. "If these exploits were patched on the target device, Pegasus would still be able to function but with a reduced set of capabilities." Google said Pegasus never found its way onto the official Play store.

How can we protect ourselves?

  • Always keep your mobile devices updated with the latest operating system.
  • Install apps only from verified sources like the Google Play Store and the iTunes Store.
  • Do not click on unverified links received via SMS or e-mail.

