Pegasus: A Spyware That Leaves No Trace

For a spyware, Pegasus can do anything. The sly subterranean invader can seize every item from any mobile device without leaving any electronic trace – through just a missed call.

A close look at the complaint filed in a California court by WhatsApp against NSO Group, the Israeli technology firm that developed Pegasus, reveals the extent to which the spyware can collect data from an affected device.

The malware attack which happened through WhatsApp video calling feature and targeted at least 1,400 users was first reported in May.

WhatsApp had announced an immediate update on May 13 after it identified “a vulnerability that could enable an attacker to insert and execute code on mobile devices.” It had called the spyware an “example of a highly sophisticated attack” at the time.

The 111-page complaint, filed in the US District Court in California, against the Israeli developer that also goes by the name Q Cyber Technologies, alleges that the “target users included attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.”

The complaint holds NSO responsible for breach of contract and alleges that it has violated several laws of the California state.

WhatsApp has alleged that the defendant (NSO) has injured it’s reputation, public trust, and goodwill and caused it damages “in excess of $75,000 and in an amount to be proven at trial.”

The investigation, detailed in the WhatsApp complaint, found that “between approximately January 2018 and May 2019, Defendants created WhatsApp accounts that they used and caused to be used to send malicious code to target devices in April and May 2019.

The accounts were created using telephone numbers registered in different counties, including Cyprus, Israel, Brazil, Indonesia, Sweden, and the Netherlands.”

“Between approximately April 29, 2019, and May 10, 2019, defendants caused their malicious code to be transmitted over WhatsApp servers in an effort to infect approximately 1,400 target devices. The target users had WhatsApp numbers with country codes from several countries, including the Kingdom of Bahrain, the United Arab Emirates, and Mexico. According to public reporting, Defendants’ clients include, but are not limited to, government agencies in the Kingdom of Bahrain, the United Arab Emirates, and Mexico as well as private entities,” it adds.

According to the complaint, Pegasus is capable of surveillance on three levels: initial data extraction, passive monitoring and active collection.

“Pegasus was designed, in part, to intercept communications sent to and from a device, including communications over iMessage, Skype, Telegram, WeChat, Facebook Messenger, WhatsApp, and others,” WhatsApp has elaborated in its written submission.

It adds that the spyware “leaves no trace on the device, consumes minimal battery, memory and data consumption and comes with a self-destruct option that can be used any time.”―India Finance News