What is spyware and how does the most powerful Pegasus work?

It's called Pegasus, and it's the spyware used for espionage against politicians, journalists, managers and more. The investigation was started by the NGOs Forbidden Stories, of Paris, and Amnesty International, and it led to a list of over 50,000 people whom various governments kept under tight control thanks to spyware designed by an Israeli company. But what is spyware, and how does Pegasus work? Let's find out together.

What is Pegasus

Pegasus was developed by the Israeli company NSO and can be installed on both iOS and Android devices without the user noticing anything. Pegasus relies on installation methods that leave very few traces on the iPhone and almost none on devices running Google's operating system.

Discovered for the first time in 2016 following an unsuccessful installation attempt against a business, Pegasus has spread like wildfire over the years. The spyware can extract messages from the victim's phone, including those of messaging apps such as WhatsApp and Telegram, track the victim's calls and location, access the microphone and camera, and capture all login data, including passwords.

According to NSO Group, Pegasus is sold to customers without the company being able to manage the individual licenses, so the company has no intelligence on what activities are carried out with the spyware. According to what NSO has communicated, its clients are only military, law enforcement and intelligence agencies of countries where human rights are respected. However, Amnesty points out that NSO's claims are not credible, especially in light of the more than 50,000 people, including politicians, journalists and activists, monitored daily.

What is spyware

Spyware is a type of malicious software, also called malware, that aims to collect as much as possible of the information contained on a PC, smartphone, tablet or any other technological device. Compared to classic direct attack techniques, spyware tends to exploit security gaps in the target device.

In recent years, many intelligence agencies have been adopting these modern types of spyware. However, if this software falls into the wrong hands, it can also be used to put potential enemies, opponents or people inconvenient to dictatorial regimes under surveillance.

How the attack happens

As for the method of attack, spyware is traditionally installed on devices by means of a link received via SMS, email, WhatsApp or social media. Very often these are somewhat suspicious messages that applications discard automatically, but sometimes they manage to pass all automated checks.

In the case of Pegasus, however, the attack surface also included zero-day and zero-click flaws. Suffice it to say that even the 12 iPhones updated to the latest version of iOS 14.6 could be considered target devices for the attack.

In particular, on iOS a zero-click flaw was exploited, namely one in message previews, which required no user interaction and so made the attack totally invisible.

The target user received a message on iMessage or FaceTime, and it was enough for the phone to open the preview to install the spyware package, thus getting past all security mechanisms, including the integrated end-to-end encryption. This flaw is also borne out by the fact that most of the targets hit by Pegasus used an iPhone.

Not only that: the presence of end-to-end encryption within the messaging apps helped keep the attack hidden, as no system could analyze and, if necessary, block the content of the message sent.

Therefore, the only way the Pegasus malware was discovered was through the system logs, which store everything that happens inside the Apple device. On Android, however, the attacks left some traces in some cases and none in others.

How does spyware like Pegasus work?

Modern spyware like Pegasus is capable of attacking any device and allowing its operator to carry out remote activities such as acquiring SMS, email, WhatsApp chats and those of other messaging apps, photos and videos, GPS data, calendars and address books. In addition to all this, Pegasus can also record calls, activate the camera and microphone, and steal passwords, usernames, documents and much more, all completely invisible to the user.

In fact, the latest generation of spyware can take control of devices without altering how they function. Only an accurate analysis by a forensic expert can establish whether or not you have suffered a spyware attack.