Pegasus spyware developed by the NSO Group is in the spotlight after international media organizations collaborated on a massive report revealing governments in the company's clientele using the malware to surveil different persons of interest. Find out how you can tell if your smartphone is infected with the spyware and how you can use Amnesty's toolkit.
What is Pegasus Spyware?
The Pegasus spyware works as malware that infiltrates smartphones via apps like iMessage and WhatsApp. Victims can also introduce the spyware into their devices by inadvertently clicking a link that exploits a vulnerability, Time explained. The Israeli NSO Group insists it is only intended for use against criminals and terrorists, but the investigation by The Guardian and 16 other media organizations revealed widespread and continuing abuse of the spyware.
Spyware like Pegasus takes advantage of known and unknown flaws in a computer's operating system until the companies making the devices roll out fixes.
The NSO Group has also demonstrated the ability to install malware on devices with zero need for interaction from the victim. Receiving a call from someone attempting to infect a device was enough to successfully infiltrate the operating system's defenses without raising any alarms. The spyware is difficult to detect as it exists in the smartphone's memory, similar to other malware like ransomware.
Once installed, Pegasus can harvest practically any data from the device and transmit it back to the attacker, The Guardian explained. The spyware user can secure a log of the phone owner's past movements and track their location in real-time with pinpoint accuracy, including the speed at which their car was traveling.
In the data leak provided by Paris-based journalism nonprofit Forbidden Stories and Amnesty International, around 50,000 phone numbers were potential surveillance targets, TechCrunch said.
The list contained phone numbers of more than 180 journalists, including reporters, editors, and executives at the Financial Times, CNN, the New York Times, France 24, The Economist, Associated Press, and Reuters. Phone numbers of lawyers, activists, journalists, political opponents, government critics, as well as relatives of these individuals were also found in the list.
At least 10 governments are believed to be NSO's clients who were entering numbers into a system: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates (UAE), The Guardian revealed. The phone numbers were from 45 countries across four continents.
The NSO Group still maintains it "does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers' targets."
Pegasus spyware targeted:
• Iraq’s Barham Salih
• Pakistan’s Imran Khan
• Egypt’s Mostafa Madbouly
• Morocco’s Saad-Eddine El Othmani
• Uganda’s Ruhakana Rugunda
• Belgium’s Charles Michel
• Moroccan King
— Washington Post
— Ragıp Soylu (@ragipsoylu) July 20, 2021
4 Ways to Tell if Your Android is Infected with Pegasus or any other Malware
Look out for these warning signs of an infiltrated smartphone. Using the recently released toolkit should also be helpful in scanning your device for any malicious software.
4. Check for signs of battery drainage
Spyware can drain an excessive amount of battery from your device. See whether your battery is depleting very quickly or whether you find yourself needing to charge your phone often.
3. Check for encrypted text messages
Receiving strange SMS messages that look like code could be a worrisome sign that the device is hit with spyware. Beware of other texting scams like smishing that steal sensitive information from devices as well.
2. Check for high data usage
When your phone is hacked, the hacker is trying to extract data from it, which means a connection is needed to transfer that data. Go to Settings, then tap Connections. Select Data usage, then review your current amount of available data.
1. Use the Mobile Verification Toolkit
The MVT scans the device backup for text messages with links to domains known to be used by NSO, as well as for any potentially malicious applications installed on the device, TechCrunch explained.
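The kind of check described above, as an added Python example (not MVT's own code and not part of the original article): it pulls links out of text messages and matches each host against a domain indicator list, covering subdomains while rejecting look-alike names that merely end with the same characters. The indicator domains, message records and function names are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder indicators; real lists are published by researchers.
INDICATOR_DOMAINS = {"tracker-update.example", "cdn.free-gift.example"}
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

def normalize_host(host):
    """Lower-case, strip the trailing dot, and convert Unicode names to IDNA form."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host

def matched_indicator(host, indicators=INDICATOR_DOMAINS):
    """Return the indicator that equals host or is a parent domain of it, else None."""
    labels = normalize_host(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # compare whole labels, never raw suffixes
        if candidate in indicators:
            return candidate
    return None

def host_of(url):
    try:
        return urlsplit(url.rstrip(".,;:!?)")).hostname or ""
    except ValueError:  # e.g. malformed IPv6 literal
        return ""

def scan_messages(messages, indicators=INDICATOR_DOMAINS):
    """Return (message_id, url, indicator) for each link pointing at a listed domain."""
    hits = []
    for msg in messages:
        for url in URL_RE.findall(msg["body"]):
            indicator = matched_indicator(host_of(url), indicators)
            if indicator:
                hits.append((msg["id"], url, indicator))
    return hits

# Constructed sample messages standing in for an SMS backup export.
SAMPLE_MESSAGES = [
    {"id": 1, "body": "Your parcel is waiting: https://Login.Tracker-Update.example/p?id=7"},
    {"id": 2, "body": "Lunch at 1? Menu: https://restaurant.example/menu."},
    {"id": 3, "body": "Claim now http://nottracker-update.example/win"},
    {"id": 4, "body": "See https://cdn.free-gift.example./a and reply STOP"},
]
```

Calling `scan_messages(SAMPLE_MESSAGES)` flags messages 1 and 4 only; message 3 shows why matching is done on whole DNS labels.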
Here's what Israel’s NSO Group Pegasus #spyware can do- software they willingly sell to “vetted” parties. Graphics from @guardian This was recently found to work on iPhones as well by Amnesty International. pic.twitter.com/Y7Q3L7ixjD
— Mindful Vegan Canadian🇨🇦🧘♂️ (@mindfulvegan_ca) July 22, 2021
How to Use Amnesty's Mobile Verification Toolkit
The open-source toolkit can be downloaded from GitHub and is available for both Android and iOS users.
The Amnesty International Security Lab informs users that the tool requires some technical skills, such as understanding the basics of forensic analysis and using command-line tools. Installing the MVT also requires installing dependencies that are compatible with the computer being used for the scans.
A more in-depth guide to using the tool is available in their documentation that walks the user step by step from installation to scanning.
The tool is not limited to scanning for Pegasus as it can also check for other malicious apps.