The infamous Spyware – Pegasus, The NSO Group and The WhatsApp snooping saga

The Indian media is abuzz these days with several news and allegations around snooping on several Indian citizens through a spyware named Pegasus, allegedly delivered through WhatsApp. It’s reported widely that Facebook Inc., the parent company of popular messaging app -WhatsApp, reached out to few users from India (and other countries as well) informing about a possible snooping incident carried out on them for a short period of couple of weeks in early 2019.

What is being reported?

WhatsApp recently confirmed that it had informed several Indian users that they (their Mobile Phones) had been targeted by a Spyware named Pegasus. The victims mainly include several journalists, activists, lawyers and senior government officials and are believed to have been put on surveillance for couple of weeks in April/May, 2019. Pegasus is a Spyware for mobile operating systems like Android, iOS and others. Pegasus is developed by the Israeli firm, NSO Group. There are news about WhatsApp’s parent company, Facebook, filing a lawsuit against Israel’s NSO Group alleging that NSO’s spyware Pegasus infected the phones of some users after it was delivered through the WhatsApp messaging platform.

What is Pegasus and how it infects your Phone?

Pegasus, the Spyware for Mobiles, isn’t really new. It first surfaced in mid 2016, and was believed to be targeting only iOS users. It used to enter Mobile phones through a malicious link and had capabilities to read text messages, track calls, collect passwords, gather data from other apps and collect geo-location of the phone. Pegasus came in news several times after that, with new functionalities and ability to infect Android and other Mobile Operating Systems.

In May 2019, Facebook patched a critical remote buffer overflow vulnerability in WhatsApp, tracked as CVE-2019-3568.  It’s a vulnerability in WhatsApp VOIP stack that could allow remote code execution via specially crafted series of RTCP packets sent to a target phone number. It has been reported that, attackers exploited this vulnerability in WhatsApp to infect victim’s Mobile Phones with the infamous spyware Pegasus. This bug in the Audio/Video call feature of vulnerable WhatsApp versions allowed the caller(Attacker) to install Pegasus spyware on the victim’s device, irrespective of whether the call was answered or not. Facebook was quick enough to patch this vulnerability and alert users to update their apps to latest version.

Possibly, there can be different ways through which Pegasus can infect your mobile phones and it’s not just limited to a malicious link or a malicious call to the users running vulnerable versions of WhatsApp app. User’s should be always alert while clicking on links received through messages, emails or any Social Media platforms and should refrain from installing apps from Third-party App Stores.

Quick Heal’s Detection:

Quick Heal Total Security for Mobile successfully detects Pegasus Spyware through different detections named as Android.Pegasus.A , Android.Chrysaor.A , and AndroidELF.Pegasus.A.

Although researchers at Quick Heal Security Labs are constantly on the lookout for malicious activities happening against Mobile Devices, prevention is always better than cure. Our modern world has absolutely brought mobile devices at the forefront of how we conduct our day to day lives. Communication, e-commerce, entertainment, logistics, even office work is all being conducted today via mobile devices. Evidently then, any type of breach to mobile devices personally used will bring life to a standstill, create panic and cause extreme inconvenience. To avoid this unpleasant scenario, leverage on Quick Heal Total Security for Android  and protect your Android based smart devices from all the known as well as emerging cyber threats.